Looking at the current selfhosted landscape and saying "nice but nobody will want to do this" is like looking around in 1970 and saying "nobody will want to own computers, you just rent them for tasks".
I say this after copious amounts of invested time over a timespan of 15 years to selfhost. The software landscape changed immensely. Especially now with AI, the software output and ability to learn is night and day. Software projects specifically targeting selfhosting as a mission is a somewhat new phenomena, before we had small business/enterprise tools that just happened to be down-scaleable for personal needs. We're not very far off to have great - and not just okay - click-to-install solutions.
If you don't own your infra, you are dependent. "Community hosting" is just hosting with a less reliable and more finicky admin. E2E on corporate cloud is nice but the price and terms may change any day. E2E in cloud itself is under scrutiny. A for-profit will bow to whatever legal framework they operate in. They will always want to increase those profits, easiest way for that is at the cost of what they own: the userbase and their data.
Selfhosted security is an issue, but individual users are harder to scrape/target and offer less of a bounty beyond basic/defeatable script attacks.
Instead of a defeatist attitude why not just solve the issues, they're not that hard.
GianFabien · 2h ago
The majority of folks are consumers and unable and/or unwilling to handle the complexity of self-hosting, self-sovereignity, etc. They will gravitate to what is free and easy. There are no incentives for the major vendors to implement protocols that will threaten their massive advertising revenues.
If you decide to foster an online community, then you might end up being the tech support to that community. For many of us, that is not an appealing choice.
anonzzzies · 2h ago
There are no incentives until you get screwed over yourself. As an entrepreneur and long term (almost 40 years) owner of running businesses, I have been screwed over by anything from banks to insurers to couriers to, let's just name names, Google, Paypal, Stripe etc. Without recourse. But PERSONALLY, I have also been screwed by the same services, without recourse. And for that reason, I (try to) use services that I can visit and sue which means they need to be inside country where I live aka sovereign. I know I can sue Google theoretically but if it's not about 10m euros+, the Dutch lawyers/courts are going to tell me not to do it as it's not possible to even get a 'sorry' from American companies. While if it's a Dutch company, I just walk into their office and the CEO is going to explain to me why they did what they did. And because they know this, I have had my accounts reinstated when blocked, always can pick up the phone to 'my' account manager and IF they screw me, I know my rights and I will get a 'sorry' + money back without laywers. The actual 'I'll be at your office in 30 minutes' is usually enough to make anything happen.
(also, sitting with the owner / ceo very often results in them learning about something they actually did not know; a few months ago I went with bol.com managers through some process on their site which they didn't know was completely broken because of 'anti-fraud AI' and they kept blaming me (not only me, just 'dumb users'), so seeing them trying themselves and failing was hilarious)
noirscape · 1h ago
Cory Doctorow has a good term for what those big American tech companies do; rather than too big to fail, they're too big to care[0]. Because they've muscled all their meaningful competition out of the way (or at least think they do), they instead start ignoring support requests and increasingly alienating customers.
You'd think that eventually market forces would try to correct this, but in practice that doesn't happen because big companies can just buy out any entity that's an actual threat to them/cover so many areas that getting rid of them is nigh impossible. (There's some attempts to limit this from the EU and before 2025, the US as well, but a major part of the beef the US has with the EU is that they're trying to force these major tech companies to care again.)
Completely agree about working with companies in the same country so you actually get support, I learnt the hard way and now try and avoid overseas companies for this reason.
Calling out one company in-particular that we just got over an absolute nightmare of a messy divorce with, Freshworks. They are Indian-based, and their support in India treated us like we didn’t have any consumer rights at all after signing their SaaS contract (you know, one of those 1000 page things you have to sign when starting any random SaaS) and starting sending us random ludicrous invoices and refusing to ie downgrade the number of subscription seats or switch from annual to monthly billing, claiming that because we didn’t give them 60 days notice of reduction in seats we had to pay a whole year for the extra users blah blah blah, which might be legal in India, but is completely illegal in Australia.
anonzzzies · 44m ago
Ah yes, Freshworks... I could write a book about them :( Stay well away.
swader999 · 26m ago
Is this same as freshdesk?
anonzzzies · 20m ago
Freshdesk is one of their products.
crinkly · 2h ago
Yeah been screwed here a couple of times. You have to treat all these companies as disposable. Use them until they piss you off. Do not build your entire universe on someone else's turf.
It's cheaper and more convenient to fuck something off quickly than sue them.
poisonborz · 1h ago
> There are no incentives for the major vendors to implement protocols that will threaten their massive advertising revenues.
In 1996 there were especially no incentives from corporations for a free operating system to exists, yet Linux was born on the back of a few hard working engineers and the whole industry catched up, it created a lot (if not the majority) of business. You can engineer ~free and easy self-hosting.
I agree it needs to be personal, there are no appealing middle-man options.
Ekaros · 1h ago
Substantial part of population can't even manage their router or simple devices say NAS... And by manage keep them up to date.
Now think of actually running something consistently. And react to changes in that... A task a few steps above.
kragen · 2h ago
The same reasoning shows that most people will never own their own nuclear reactor, airplane, rifle, automobile, computer, refrigerator, or house, or raise their own children. So, while there is some truth in it, I think it may be leaving out some relevant factors.
chrisvalleybay · 2h ago
It was also unthinkable that everyone would have their own desktop computer at some point. If we were able to make self-hosting be as simple as having a desktop, it might be possible.
chii · 53m ago
> unthinkable that everyone would have their own desktop computer at some point
it was unthinkable not because people didn't want it, but that it costed too much back then. Half a mil for a microcomputer that took up a room?!
Current self-hosting requirements are similarly expensive - time and money. If someone were to sell an appliance for which you could just plug into the outlet, and you get it all, then it would be pretty good. Like a washing machine.
nradov · 5m ago
That hypothetical self hosting appliance would require constant system administration work, far worse than even the most complex "smart" washing machine.
dist-epoch · 1h ago
And these desktops today for 99% of people are just dumb terminals for the cloud where everything lives.
MoreQARespect · 1h ago
>The majority of folks are consumers and unable and/or unwilling to handle the complexity of self-hosting
The majority of folks just want to text and call on their phones. They are unwilling to handle the complexity of having an entire computer in their pocket. -- 2006
>There are no incentives for the major vendors to implement protocols that will threaten their massive advertising revenues.
Right. And Yahoo didnt want to be a search engine. They wanted to be the home page of the internet.
rapsey · 2h ago
Not just majority, vast majority. This article is really about 0.01% of the population who is into this.
BinaryIgor · 1h ago
I still struggle to see what exact problems Decentralized Identifiers solve and how exactly they would make the Internet better. Ommiting additional complexity they bring - where to store them, how to control them etc. - what new use cases they would allow? How would they solve some of the incentives problems on the Internet we currently have?
Having controlled by the user public-private key pair instead of multiple accounts on a variety of platforms doesn't bring self-sovereigninty by itself. Whatever you post/publish must also be discoverable by other people - and that's where we go back to centralized platforms/services of today.
kindkang2024 · 47m ago
> how exactly they would make the Internet better.
One key benefit is removing middlemen who may misuse aid.
Never underestimate human corruption—$100 million in aid might result in only $1 million truly helped those in need. This pattern is seen worldwide.
TimByte · 49m ago
You're right that discovery still tends to pull things back toward centralization. But if identity and data are portable by design, at least the gravitational pull of central platforms becomes more optional
pluto_modadic · 1h ago
Ah, yes, the cure is the magical token.
If you want a better future, make better self hosted apps, that are accessible, easy to set up, and don't lack features ordinary people ask for.
No fancy token ever beat an easy button. And no poorly built self hosting app is helping...
vaylian · 2h ago
The article argues for interoperability through standardized protocols. Freedom is achieved through the possibility to move one's own data to a different host when the current host becomes problematic. Either host can be a commercial service, a friend's computer or your own server. Self-hosting is only one option among several in this model.
If you want to share individual pieces of data like photos then this probably works fine. But once you want to serve connected pieces of data that require storage in a relational database, then this will probably become a lot harder to handle, because you need well-defined procedures to piece together data instead of just returning a self-contained blob.
throwawayexmple · 40m ago
'Decentralized Identifiers' centralise identity in the DID. That's tautological.
Thus that in itself fails an idea of sovereignty: that choosing to be identified uniquely is your choice.
Barking down this alley, while useful from the perspective of NFTs, does not add much to the concept of actual sovereignty.
AstralStorm · 5m ago
Nah, if you run your own identity service, you're supposed to be able to issue any number of unverified identities yourself.
The problem there is that others do not play at all with these, plus actual trust has to be somehow solved.
Typical solutions to trust in DID involve either a big central service, a government approved signature... Or theoretically a distributed web of trust but that bit is under development.
austin-cheney · 1h ago
The thing that got me into self hosting is the phone App Store. I started writing personal applications to do what the media apps on the App Store could not. The results have been amazing and the required effort is less than I expected.
salmonellaeater · 1h ago
What are some personal applications you created to fill these gaps?
austin-cheney · 54m ago
* A media player with playlist of local media that executes in a web browser.
* proxies for http and WebSockets. Apache made this challenging and I thought I could do it better. I can now spin up servers in seconds and serve http and WebSockets on the same port
* tools to test dns, http, WebSockets, hashes, certificate creation, and more
vjerancrnjak · 1h ago
Music player that does not skip 1 second of next track, scans my big library in a second.
harel · 1h ago
I did a fair bit of work in this world of self sovereign identity a couple years ago. We abandoned the project because we felt it won't get adoption. We also embedded a verifiable credentials in a CRM making it as a platform to manage VCs at scale and nobody cared. Most people don't care it seems. Or maybe it's just too future tech and we're not there yet.
pferde · 2h ago
The good news is that every self-hoster will be more than happy to start using this hypothetical self-sovereign solution with their data, if and when it becomes available.
I know I would. I'm just not smart enough, nor have the correct kind of experience to start designing, building or evangelizing such solution, so I am stuck waiting for someone else.
A good example is ForgeFed, which I can't wait to mature enough to be usable.
kennywinker · 2h ago
> This blog post was drafted with the help of a language model, but all opinions expressed are my own
Why not post the prompts, it’ll be a shorter read with presumably the same amount of new information.
robmao · 2h ago
The prompt is much longer and less structured than the blog post.
Imustaskforhelp · 2h ago
I am not a writer and the blog posts I have built are really long and I am pretty sure that noone except myself have read them, but I really feel as if I use AI quite a lot to code some one off projects and nowadays a general overreliance on them too.
I am pretty sure that sure, it might be more tedious to actually manage your thoughts into more structured format to present to a larger audience and you might think that AI is meant for such tasks but I personally feel as if there is something about using AI in writing that feels sloppy most of the times.
Write bad but original. Maybe it won't get to the top of the HN, but you get the widest amount of freedom if you are really passionate about writing.
(I am thinking of stopping to use AI / using AI to just teach me things if I find a need to create a project that I am genuinely curious to build myself)
TimByte · 53m ago
The idea of self-sovereignty being protocol-based rather than infrastructure-based is both compelling and challenging
nirui · 1h ago
> We don’t need more “alternatives” to the cloud. We need a shift in architecture—from platform-centric to protocol-centric systems.
Nice idea, but that alone is not enough.
The POP3/SMTP protocol is still a server-client based model, and such model naturally gravitates towards centralized systems which leads to the problem we're facing today.
In my opinion, to encourage self-sovereignty, a protocol should decouple the creator and the publisher. The information created by the creator can be published on multiple publisher platforms selected/directed by the creator.
And ideally the creator should be able to directly sharing information with other creators too, like a P2P system. This should also help reduce the risk of information leaking thus more secure.
The protocol also needs to be flexible enough that it can adopt the needs of more modern users too, otherwise you'll found yourself back at the start line few years later.
P.S. If you think this comment is very empty, that's because it is. I've observed quite a few P2P based protocols over these years failing to gain popularity... this is one of the things really hard to get it right. I don't know how to do it, and many way smarter people also failed to do it. So, yeah, that's why this comment is so empty. But hey, if you can get it right, maybe they should give you a Nobel or something.
AstralStorm · 3m ago
These protocols exist, e.g. on top of I2P network.
Thing is, nobody has any incentive to back them.
tonyhart7 · 1h ago
but creating new protocol (standards) also more harder, we can see the example with RCS message google try to push and that require a lot of effort even from big tech
dist-epoch · 1h ago
So far nobody explained one simple use case - self-hosted Instagram.
How does that work? I want to see the pictures of my friends, and they want to see mine. And I also want to see the pictures of some influencers.
What's the self-hosted Instagram setup that makes this work, while all the involved parties are self-hosted?
jay_kyburz · 49m ago
when you follow somebody, you put their public url in a list, then when you open the app it requests the photos from everybody on the list?
I see no reason why everybody could not run a web server on their phone.
can16358p · 40m ago
So if I follow 1000 people,
I make 1000 requests every time I open the app or refresh my feed?
Also not everyone can be on a stable connection with a public IP address with good upload speeds 7/24. In the ideal world: sure. In the real world: impossible (at least for any foreseeable near future).
jay_kyburz · 2m ago
Perhaps it could make each request as you scroll? You don't need to see 1000 photos all at once. And if your friend has sketchy internet, perhaps it can push to you when they have a good connection.
It's not perfect, but if we want self hosted, we have to start somewhere and start working out the problems.
tonyhart7 · 57m ago
hmm, another UI that connectly directly to S3???
kindkang2024 · 4h ago
Forever free, forever sovereign.
DID with ZK human proof on blockchain… Is this possible?
Imustaskforhelp · 2h ago
I have created nanotimestamps which basically allow you to embed a lot of data into blockchain itself with basically 0 gas fees.
I don't really like crypto that much from a currency perspective given its history with scam but I like the technology just a little bit so I built it.
If someone is interested on someway to monetize or I don't know just talk about it, I am more than happy to.
Regarding zk human proves, there are some zkmail things that can allow you to prove an amazon transaction or tax reciept etc. which can prove human proof so yeah I think its possible.
kindkang2024 · 12m ago
> I have created nanotimestamps which basically allow you to embed a lot of data into blockchain itself with basically 0 gas fees.
How is this possible? Is it something that EVM-based chains can support? Curious to hear more.
> Regarding zk human proves, there are some zkmail
Zkmail doesn’t prove that you’re a unique human. Worldcoin does, but it requires trusting a single company with everyone’s iris data, which is quite dangerous, and completely undermines the goal of building a decentralized, trustless system.
The future I hope for is one where our own devices handle this entirely. Imagine a VR headset or future phone using its iris scanner, combined with our social data, to generate a single, secure cryptographic proof. This proof would verify our uniqueness in the world without ever leaking iris data or any other sensitive information.
12inchidentity · 5h ago
Own yer identity. Equip yourself and others with the power of self determinism.
kosolam · 1h ago
I am truly excited to see others are thinking in the same trajectory. I’ve been contemplating on these ideas myself for quite long time.
The service providers should provide basic low level infrastructure, not own or access our data. I have a vision on how it should operate, it would be interesting to dive into this project to compare.
crinkly · 2h ago
I disagree with this.
The ideological approaches to these problems always seem to result in adding more technology to the problem, which introduces more attack vectors, more control points and more complexity, all of which are difficult to understand and manage. The real problem is you should not need to identify yourself all the time. And the best way to do that, contrary to the SaaS culture on here, is not to hand over your stuff to someone else where you need to identify yourself to get it back or even involve yourself in "services culture".
So over the last 2 years I unpicked all my dependencies and moved to a reductionist and disposable model. The "minimum happy subset" is pretty much a domain with an IMAP box still, as it was 20 years ago. The IMAP box is dumb enough to be moved around. And your stuff should be in simple files, with well-documented formats, on the computer that you own and control. An average user can self-manage this with minimal effort. Everything else I have found to be 100% disposable.
This incidentally lines up 1:1 with the non-technical friends I have who just don't care and do it that way anyway. Perhaps we care too much.
Also can we just get some plain old HTML presented like a 50 year old book next time.
Looking at the current selfhosted landscape and saying "nice but nobody will want to do this" is like looking around in 1970 and saying "nobody will want to own computers, you just rent them for tasks".
I say this after copious amounts of invested time over a timespan of 15 years to selfhost. The software landscape changed immensely. Especially now with AI, the software output and ability to learn is night and day. Software projects specifically targeting selfhosting as a mission is a somewhat new phenomena, before we had small business/enterprise tools that just happened to be down-scaleable for personal needs. We're not very far off to have great - and not just okay - click-to-install solutions.
If you don't own your infra, you are dependent. "Community hosting" is just hosting with a less reliable and more finicky admin. E2E on corporate cloud is nice but the price and terms may change any day. E2E in cloud itself is under scrutiny. A for-profit will bow to whatever legal framework they operate in. They will always want to increase those profits, easiest way for that is at the cost of what they own: the userbase and their data.
Selfhosted security is an issue, but individual users are harder to scrape/target and offer less of a bounty beyond basic/defeatable script attacks.
Instead of a defeatist attitude why not just solve the issues, they're not that hard.
If you decide to foster an online community, then you might end up being the tech support to that community. For many of us, that is not an appealing choice.
(also, sitting with the owner / ceo very often results in them learning about something they actually did not know; a few months ago I went with bol.com managers through some process on their site which they didn't know was completely broken because of 'anti-fraud AI' and they kept blaming me (not only me, just 'dumb users'), so seeing them trying themselves and failing was hilarious)
You'd think that eventually market forces would try to correct this, but in practice that doesn't happen because big companies can just buy out any entity that's an actual threat to them/cover so many areas that getting rid of them is nigh impossible. (There's some attempts to limit this from the EU and before 2025, the US as well, but a major part of the beef the US has with the EU is that they're trying to force these major tech companies to care again.)
[0]: https://pluralistic.net/2024/04/04/teach-me-how-to-shruggie/...
Calling out one company in-particular that we just got over an absolute nightmare of a messy divorce with, Freshworks. They are Indian-based, and their support in India treated us like we didn’t have any consumer rights at all after signing their SaaS contract (you know, one of those 1000 page things you have to sign when starting any random SaaS) and starting sending us random ludicrous invoices and refusing to ie downgrade the number of subscription seats or switch from annual to monthly billing, claiming that because we didn’t give them 60 days notice of reduction in seats we had to pay a whole year for the extra users blah blah blah, which might be legal in India, but is completely illegal in Australia.
It's cheaper and more convenient to fuck something off quickly than sue them.
In 1996 there were especially no incentives from corporations for a free operating system to exists, yet Linux was born on the back of a few hard working engineers and the whole industry catched up, it created a lot (if not the majority) of business. You can engineer ~free and easy self-hosting.
I agree it needs to be personal, there are no appealing middle-man options.
Now think of actually running something consistently. And react to changes in that... A task a few steps above.
it was unthinkable not because people didn't want it, but that it costed too much back then. Half a mil for a microcomputer that took up a room?!
Current self-hosting requirements are similarly expensive - time and money. If someone were to sell an appliance for which you could just plug into the outlet, and you get it all, then it would be pretty good. Like a washing machine.
The majority of folks just want to text and call on their phones. They are unwilling to handle the complexity of having an entire computer in their pocket. -- 2006
>There are no incentives for the major vendors to implement protocols that will threaten their massive advertising revenues.
Right. And Yahoo didnt want to be a search engine. They wanted to be the home page of the internet.
Having controlled by the user public-private key pair instead of multiple accounts on a variety of platforms doesn't bring self-sovereigninty by itself. Whatever you post/publish must also be discoverable by other people - and that's where we go back to centralized platforms/services of today.
One key benefit is removing middlemen who may misuse aid.
Never underestimate human corruption—$100 million in aid might result in only $1 million truly helped those in need. This pattern is seen worldwide.
If you want a better future, make better self hosted apps, that are accessible, easy to set up, and don't lack features ordinary people ask for.
No fancy token ever beat an easy button. And no poorly built self hosting app is helping...
If you want to share individual pieces of data like photos then this probably works fine. But once you want to serve connected pieces of data that require storage in a relational database, then this will probably become a lot harder to handle, because you need well-defined procedures to piece together data instead of just returning a self-contained blob.
Thus that in itself fails an idea of sovereignty: that choosing to be identified uniquely is your choice.
Barking down this alley, while useful from the perspective of NFTs, does not add much to the concept of actual sovereignty.
The problem there is that others do not play at all with these, plus actual trust has to be somehow solved.
Typical solutions to trust in DID involve either a big central service, a government approved signature... Or theoretically a distributed web of trust but that bit is under development.
* proxies for http and WebSockets. Apache made this challenging and I thought I could do it better. I can now spin up servers in seconds and serve http and WebSockets on the same port
* tools to test dns, http, WebSockets, hashes, certificate creation, and more
I know I would. I'm just not smart enough, nor have the correct kind of experience to start designing, building or evangelizing such solution, so I am stuck waiting for someone else.
A good example is ForgeFed, which I can't wait to mature enough to be usable.
Why not post the prompts, it’ll be a shorter read with presumably the same amount of new information.
I am pretty sure that sure, it might be more tedious to actually manage your thoughts into more structured format to present to a larger audience and you might think that AI is meant for such tasks but I personally feel as if there is something about using AI in writing that feels sloppy most of the times.
Write bad but original. Maybe it won't get to the top of the HN, but you get the widest amount of freedom if you are really passionate about writing.
(I am thinking of stopping to use AI / using AI to just teach me things if I find a need to create a project that I am genuinely curious to build myself)
Nice idea, but that alone is not enough.
The POP3/SMTP protocol is still a server-client based model, and such model naturally gravitates towards centralized systems which leads to the problem we're facing today.
In my opinion, to encourage self-sovereignty, a protocol should decouple the creator and the publisher. The information created by the creator can be published on multiple publisher platforms selected/directed by the creator.
And ideally the creator should be able to directly sharing information with other creators too, like a P2P system. This should also help reduce the risk of information leaking thus more secure.
The protocol also needs to be flexible enough that it can adopt the needs of more modern users too, otherwise you'll found yourself back at the start line few years later.
P.S. If you think this comment is very empty, that's because it is. I've observed quite a few P2P based protocols over these years failing to gain popularity... this is one of the things really hard to get it right. I don't know how to do it, and many way smarter people also failed to do it. So, yeah, that's why this comment is so empty. But hey, if you can get it right, maybe they should give you a Nobel or something.
Thing is, nobody has any incentive to back them.
How does that work? I want to see the pictures of my friends, and they want to see mine. And I also want to see the pictures of some influencers.
What's the self-hosted Instagram setup that makes this work, while all the involved parties are self-hosted?
I see no reason why everybody could not run a web server on their phone.
I make 1000 requests every time I open the app or refresh my feed?
Also not everyone can be on a stable connection with a public IP address with good upload speeds 7/24. In the ideal world: sure. In the real world: impossible (at least for any foreseeable near future).
It's not perfect, but if we want self hosted, we have to start somewhere and start working out the problems.
DID with ZK human proof on blockchain… Is this possible?
I don't really like crypto that much from a currency perspective given its history with scam but I like the technology just a little bit so I built it.
If someone is interested on someway to monetize or I don't know just talk about it, I am more than happy to.
Regarding zk human proves, there are some zkmail things that can allow you to prove an amazon transaction or tax reciept etc. which can prove human proof so yeah I think its possible.
How is this possible? Is it something that EVM-based chains can support? Curious to hear more.
> Regarding zk human proves, there are some zkmail
Zkmail doesn’t prove that you’re a unique human. Worldcoin does, but it requires trusting a single company with everyone’s iris data, which is quite dangerous, and completely undermines the goal of building a decentralized, trustless system.
The future I hope for is one where our own devices handle this entirely. Imagine a VR headset or future phone using its iris scanner, combined with our social data, to generate a single, secure cryptographic proof. This proof would verify our uniqueness in the world without ever leaking iris data or any other sensitive information.
The ideological approaches to these problems always seem to result in adding more technology to the problem, which introduces more attack vectors, more control points and more complexity, all of which are difficult to understand and manage. The real problem is you should not need to identify yourself all the time. And the best way to do that, contrary to the SaaS culture on here, is not to hand over your stuff to someone else where you need to identify yourself to get it back or even involve yourself in "services culture".
So over the last 2 years I unpicked all my dependencies and moved to a reductionist and disposable model. The "minimum happy subset" is pretty much a domain with an IMAP box still, as it was 20 years ago. The IMAP box is dumb enough to be moved around. And your stuff should be in simple files, with well-documented formats, on the computer that you own and control. An average user can self-manage this with minimal effort. Everything else I have found to be 100% disposable.
This incidentally lines up 1:1 with the non-technical friends I have who just don't care and do it that way anyway. Perhaps we care too much.
Also can we just get some plain old HTML presented like a 50 year old book next time.