It’s 2025. The world is not doing great, and as a queer person, Anglosphere tech corporations are now something I have to actively consider as part of my threat model. This was already a problem for many folks in the queer community; I was just lucky enough that in my case the risk remained acceptable.

With a fascist regime installed in the US and tech corporations gleefully embracing it, depending on those corporations is no longer an option. I’m facing a similar problem with the UK, which has recently decided to rebrand as TERF Island. Some of these changes don’t pose immediate risks to me, but they create risk for people I care about and I want to ensure I continue to have safe channels to communicate with them.

For messaging applications, none of this poses much of a problem as long as everything is end-to-end encrypted. If your provider never sees the plaintext, nor has any other ability to decrypt it, the risk goes way down. This means I’m not concerned about Signal, but even with E2EE I don’t trust WhatsApp because it’s Meta. They always find ways to pull shit they shouldn’t. But with e-mail, unless you use PGP for everything (which nobody does because it has horrendous UX), your provider still sees everything.

And yes, Europe is having issues too. But living in Europe I can’t avoid those. If it gets to the point where my government is a threat to me, I will have bigger problems to worry about.

Domains

There’s no escaping that control of the DNS roots lies with the US, even though RIRs run various root servers. This is entirely outside of what I can control. Giving up on DNS or using separate DNS infra isn’t viable if I want to connect with my friends.

But avoiding US-controlled top-level domains also turns out to be surprisingly hard. Identity Digital, for example, controls over 260 gTLDs, about 35% of them. GoDaddy has a bunch, as do Google, Amazon, Microsoft, etc. Then there’s Team Internet, which controls another 100+ gTLDs and is based on TERF Island. You’re basically stuck using ccTLDs.

I’m in the process of moving things across domains, and consolidating everything on gTLDs or ccTLDs that aren’t managed by US or UK entities. I’m doing the same with my registrars. This is surprisingly expensive because a number of the largest registrars are in the US and generally offer rock-bottom pricing. Many registrars in Europe still charge a noticeable markup. So I’ll probably let go of some of my “fun” domains. We can’t have fun anymore.

Email

One challenge will be e-mail. I’m very happy with Fastmail, and they are an Australian company. There are problems there too, but one step at a time. Unfortunately, their servers are all located in the US and this is one case where they have access to all the data.

Thankfully Stalwart has made some incredible progress and that seems like a viable option now. I’m hoping Fastmail is going to spin up servers somewhere else and allow customers to move their data, before this becomes an actual problem I have to deal with.

Cloud

I’m hosting my own things on Hetzner. I like them in general, though their stance towards explicit material is annoying. That can get especially tricky on Fedi. For the time being though and for my needs, it works.

I build my own Ubuntu VM images for Hetzner with a bunch of sensible and safe defaults. And they’re fully encrypted. Please steal what is useful to you. They should work for pretty much any provider that uses KVM as its hypervisor, which is 98% of them.

Services

My services run as containers managed by Podman with quadlets. This means I can manage everything as systemd services. It’s very easy to manage with configuration management because all you have to do is create a .container and .volume file in /etc/containers/systemd.

A big benefit of this is that, with the exception of Caddy, barely anything gets installed on the host operating system. I can comfortably run something like an Ubuntu LTS release without stubbing my toes on all the outdated packages for services I want to run. I can very easily replace a box and I don’t have to deal with package changes across Ubuntu releases. Since it’s all VMs I don’t need the latest and greatest kernel either. Caddy I get from upstream’s apt repositories and that’s it.
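As an added illustration of the setup above (these are not the author’s own files; the app name, image, port and paths are placeholders), here is a matching .volume and .container pair for /etc/containers/systemd. The container only publishes on loopback, so Caddy on the host is the sole thing exposed to the network, and it runs with all capabilities dropped, a read-only root filesystem and its own user namespace:

```ini
# /etc/containers/systemd/app.volume  (placeholder name; named volume for persistent state)
[Volume]
VolumeName=app-data

# /etc/containers/systemd/app.container  (Quadlet turns this into app.service)
[Unit]
Description=Example app container (placeholder), managed by systemd via Quadlet
After=network-online.target
Wants=network-online.target

[Container]
# Placeholder image reference; replace with the real one
Image=registry.example.com/app:1.0
ContainerName=app
# Let `podman auto-update` pull newer images for this tag
AutoUpdate=registry
# Persistent state goes to the named volume defined in app.volume
Volume=app.volume:/var/lib/app
# Bind only to loopback; Caddy on the host terminates TLS and proxies to this port
PublishPort=127.0.0.1:8080:8080
# Hardening: no capabilities, no privilege escalation, immutable root fs,
# scratch space on tmpfs, and a dedicated user namespace per container
DropCapability=all
NoNewPrivileges=true
ReadOnly=true
Tmpfs=/tmp
UserNS=auto

[Service]
Restart=always
TimeoutStartSec=300

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload`, the generated unit is started with `systemctl start app` and enabled on boot by the [Install] section.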

Backups

Replication is not backups. Data corruption will replicate. My VMs are regularly snapshotted, and Hetzner makes this pretty affordable. All my VMs have full-disk encryption and I’m the only one with the keys, so letting Hetzner store the snapshots doesn’t pose any additional risk.

The rest of my backups go to BorgBase, which is based in Malta. Backups are encrypted with keys the client has. The server never sees unencrypted chunks and has no ability to decrypt them, so there’s generally much less risk there too.

Conclusion

It’s a lot easier nowadays to self-host things. Between cloud VMs that you can quickly provision and containers for deploying services, self-hosting things requires significantly less arcane magic than it did in the mid-2000s. No hardware to deal with either. Backups can be done safely as well. But it’s still not accessible for a tech-challenged individual, even though some solutions exist to make it easier.

If you’re someone who has the ability to run this kind of infrastructure but maybe hasn’t for a while, I suggest you get some practice in. You might need it sooner than you think, and it’s better to not have to figure this out in a panic. Please consider talking to some friends as well, and see if you can band together to provide this type of infra for a small group or local community. Don’t do it for free though, unless you’re the only one depending on it.
