I am wanting to self host a fediverse instance. I don’t hope to make it big. Hoping for 200 users at most, and I won’t advertise it heavily so it’ll probably be a while before it gets there.

Is it a bad idea to host something like this on local hardware at home? I have a lot of local-only self hosted services, and I wouldn’t want those to be compromised.

But my biggest fear is overloading my network. I already don’t get the fastest signal in some parts of my house, and I am worried the extra traffic might put more pressure on the network.

What are your thoughts on hosting local? Should I just avoid the headache and host on public instance?

  • th3raid0r@tucson.social
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    2
    ·
    1 year ago

    On a technical level, user count matters less than the user count and comment count of the instances you subscribe to. Too many subscriptions can overwhelm smaller instances and saturate a network from the perspective of Packets Per Second and your ISPs routing capacity - not to mention your router. Additionally, most ISPs block traffic traffic going to your house on Port 80 - so you’d likely need to put it behind a cloudflare tunnel for anything resembling reliability. Your ISP may be different and it’s always worth asking what restrictions they have on self-hosted services (non-business use-cases specifically). Otherwise going with your ISP’s business plan is likely a must. Outside of that, yes, you’ll need a beefy router or switch (or multiple) to handle the constant packets coming into your network.

    Then there’s a security aspect. What happens if you’re site is breached in a way that an attacker gains remote execution? Did you make sure to isolate this network from the rest of your devices? If not, you’re in for a world of hurt.

    These are all issues that are mitigated and easier to navigate on a VPS or cloud provider.

    As for the non-technical issues:

    There’s also the problem of moderation. What I mean by that is that, as a server owner you WILL end up needing to quarantine, report, and submit illegal images to the authorities. Even if you use a whitelist of only the most respectable instances. It might not happen soon, but it’s only a matter of time before your instance happens to be subscribed to a popular external community while it gets a nasty attack. Leaving you to deal with a stressful cleanup.

    When you run this on a homelab on consumer hardware, it’s easier for certain government entities to claim that you were not performing your due diligence and may even be complicit in the content’s proliferation. Now, of course, proving such a thing is always the crux, but in my view I’d rather have my site running on things that look as official as possible. The closer it resembles what an actual business might do, the better I think I’d fare under a more targeted attack - from a legal/compliance standpoint.

      • th3raid0r@tucson.social
        link
        fedilink
        English
        arrow-up
        30
        arrow-down
        1
        ·
        1 year ago

        Eh, but then he won’t learn anything. I’ve never found that response acceptable. It just perpetuates the problem. To each their own though!

    • Doctor xNo@r.nf
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      6
      ·
      edit-2
      1 year ago

      I understand this policy of needing to report them to official authorities is a new thing they now added out of fear of losing their grip of control on social media when people swarm to private instances.

      My standards however will always remain on “No government has any business in private stuff.” Just like everybody follows default trafficlaws on private parkings, but in reality they are just rules of the owner and unless you do damage the police can’t do anything for driving wrongly on them. Same goes inside a store. Government has no say in how internals are handled and will only be allowed to note damage and allow the owner to press charges, if they so chose. I’m just drawing that basic right further to everything, including any privately setup software.

      I kinda also feel that if I have to go and involve government authorities, it takes away a large basic reason to even go private. I’m not paying servercosts to still having to deal with government [insert bad word here]…

      Governments can suck it and I’ll just deal with my own issues. There is absolutely no way in hell I’m going to voluntarily contact any government [insert different bad word here] for things I am doing in private. They can go stand on their heads for all I care…

      NB: This is in no way an attack towards you or what you commented, voting it up even cause you were very helpful and I do agree in general it’s best to give the legals and leave it up to people to choose to follow that or not, I just needed to get this frustration about government control in private setups off my chest… 😅

      • hips_and_nips@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        My standards however will always remain on “No government has any business in private stuff.”

        I never thought I’d see someone openly admit, even advocate, that they’re willing to host child sexual assault material on hardware they own. That’s a sad hill to die on.

        I don’t really care about anything else you’ve written to justify your blanket standards either. All it takes is one example (CSAM) to show the depravity of your standards.

        I’m all about privacy, even so far as to emigrate from the US to a country in the EU for privacy. But I have compassion and empathy and am also aware of ethical behavior, morality, and decency.

        Privacy is not more valuable than protecting innocent human lives. If you can’t see that, you are lost. I’m sorry.

        • Doctor xNo@r.nf
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          I agree, yet privacy is still more important than people watching media they didn’t make. I advocate any and all people making those should be our target, not senselessly give up rights so we can punish those that didn’t hurt anyone. And I just don’t believe in the current legal system and allowing people that unpunished do attrocities to deal with other people doing them does not form an ok with me. 🤷‍♂️

          You are literally going to idiots that don’t solve the problem and are proven to do similar bad things themselves, who are using offense towards the people so attention diverts away from them, and you are arguing to ‘me’ that I don’t want to do the same stupidity…? 🤷‍♂️

          Go take a better look at your own actions, dude…

          • Doctor xNo@r.nf
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Also if somebody films a murder, do we punish everybody that wants to see the video? No.

            Then why are we punishing people that just watch it while not solving anything on those making them? 🤷‍♂️

            Logic is a thing people apparently give up for authority. Not me though. Someone that wants to watch CSAM is not your business, just like it isn’t if they watch murder, space stuff of baby cats… (And no, I don’t think they are the same. Taking that from this would just be not wanting to think logic to make another inconsistent counter-attack, so please, don’t.)

            The harm with CSAM is already done and you’re taking it out on the wrong persons with help of even worse people, wasting time on targets for what they might do instead of using it on people who actually did/do the bad things creating them.

            Good job… Meanwhile I’ll continue to focus on people that actually did something wrong…