Skip to content(if available)orjump to list(if available)

The future is not self-hosted, but self-sovereign

The future is not self-hosted, but self-sovereign

48 comments

·July 27, 2025
Visit

poisonborz

Deeply disagree.

Looking at the current selfhosted landscape and saying "nice but nobody will want to do this" is like looking around in 1970 and saying "nobody will want to own computers, you just rent them for tasks".

I say this after copious amounts of invested time over a timespan of 15 years to selfhost. The software landscape changed immensely. Especially now with AI, the software output and ability to learn is night and day. Software projects specifically targeting selfhosting as a mission is a somewhat new phenomena, before we had small business/enterprise tools that just happened to be down-scaleable for personal needs. We're not very far off to have great - and not just okay - click-to-install solutions.

If you don't own your infra, you are dependent. "Community hosting" is just hosting with a less reliable and more finicky admin. E2E on corporate cloud is nice but the price and terms may change any day. E2E in cloud itself is under scrutiny. A for-profit will bow to whatever legal framework they operate in. They will always want to increase those profits, easiest way for that is at the cost of what they own: the userbase and their data.

Selfhosted security is an issue, but individual users are harder to scrape/target and offer less of a bounty beyond basic/defeatable script attacks.

Instead of a defeatist attitude why not just solve the issues, they're not that hard.

GianFabien

The majority of folks are consumers and unable and/or unwilling to handle the complexity of self-hosting, self-sovereignity, etc. They will gravitate to what is free and easy. There are no incentives for the major vendors to implement protocols that will threaten their massive advertising revenues.

If you decide to foster an online community, then you might end up being the tech support to that community. For many of us, that is not an appealing choice.

anonzzzies

There are no incentives until you get screwed over yourself. As an entrepreneur and long term (almost 40 years) owner of running businesses, I have been screwed over by anything from banks to insurers to couriers to, let's just name names, Google, Paypal, Stripe etc. Without recourse. But PERSONALLY, I have also been screwed by the same services, without recourse. And for that reason, I (try to) use services that I can visit and sue which means they need to be inside country where I live aka sovereign. I know I can sue Google theoretically but if it's not about 10m euros+, the Dutch lawyers/courts are going to tell me not to do it as it's not possible to even get a 'sorry' from American companies. While if it's a Dutch company, I just walk into their office and the CEO is going to explain to me why they did what they did. And because they know this, I have had my accounts reinstated when blocked, always can pick up the phone to 'my' account manager and IF they screw me, I know my rights and I will get a 'sorry' + money back without laywers. The actual 'I'll be at your office in 30 minutes' is usually enough to make anything happen.

(also, sitting with the owner / ceo very often results in them learning about something they actually did not know; a few months ago I went with bol.com managers through some process on their site which they didn't know was completely broken because of 'anti-fraud AI' and they kept blaming me (not only me, just 'dumb users'), so seeing them trying themselves and failing was hilarious)

noirscape

Cory Doctorow has a good term for what those big American tech companies do; rather than too big to fail, they're too big to care[0]. Because they've muscled all their meaningful competition out of the way (or at least think they do), they instead start ignoring support requests and increasingly alienating customers.

You'd think that eventually market forces would try to correct this, but in practice that doesn't happen because big companies can just buy out any entity that's an actual threat to them/cover so many areas that getting rid of them is nigh impossible. (There's some attempts to limit this from the EU and before 2025, the US as well, but a major part of the beef the US has with the EU is that they're trying to force these major tech companies to care again.)

[0]: https://pluralistic.net/2024/04/04/teach-me-how-to-shruggie/...

aetherspawn

Completely agree about working with companies in the same country so you actually get support, I learnt the hard way and now try and avoid overseas companies for this reason.

Calling out one company in-particular that we just got over an absolute nightmare of a messy divorce with, Freshworks. They are Indian-based, and their support in India treated us like we didn’t have any consumer rights at all after signing their SaaS contract (you know, one of those 1000 page things you have to sign when starting any random SaaS) and starting sending us random ludicrous invoices and refusing to ie downgrade the number of subscription seats or switch from annual to monthly billing, claiming that because we didn’t give them 60 days notice of reduction in seats we had to pay a whole year for the extra users blah blah blah, which might be legal in India, but is completely illegal in Australia.

anonzzzies

Ah yes, Freshworks... I could write a book about them :( Stay well away.

crinkly

Yeah been screwed here a couple of times. You have to treat all these companies as disposable. Use them until they piss you off. Do not build your entire universe on someone else's turf.

It's cheaper and more convenient to fuck something off quickly than sue them.

poisonborz

> There are no incentives for the major vendors to implement protocols that will threaten their massive advertising revenues.

In 1996 there were especially no incentives from corporations for a free operating system to exists, yet Linux was born on the back of a few hard working engineers and the whole industry catched up, it created a lot (if not the majority) of business. You can engineer ~free and easy self-hosting.

I agree it needs to be personal, there are no appealing middle-man options.

Ekaros

Substantial part of population can't even manage their router or simple devices say NAS... And by manage keep them up to date.

Now think of actually running something consistently. And react to changes in that... A task a few steps above.

MoreQARespect

>The majority of folks are consumers and unable and/or unwilling to handle the complexity of self-hosting

The majority of folks just want to text and call on their phones. They are unwilling to handle the complexity of having an entire computer in their pocket. -- 2006

>There are no incentives for the major vendors to implement protocols that will threaten their massive advertising revenues.

Right. And Yahoo didnt want to be a search engine. They wanted to be the home page of the internet.

chrisvalleybay

It was also unthinkable that everyone would have their own desktop computer at some point. If we were able to make self-hosting be as simple as having a desktop, it might be possible.

chii

> unthinkable that everyone would have their own desktop computer at some point

it was unthinkable not because people didn't want it, but that it costed too much back then. Half a mil for a microcomputer that took up a room?!

Current self-hosting requirements are similarly expensive - time and money. If someone were to sell an appliance for which you could just plug into the outlet, and you get it all, then it would be pretty good. Like a washing machine.

nradov

That hypothetical self hosting appliance would require constant system administration work, far worse than even the most complex "smart" washing machine.

dist-epoch

And these desktops today for 99% of people are just dumb terminals for the cloud where everything lives.

kragen

The same reasoning shows that most people will never own their own nuclear reactor, airplane, rifle, automobile, computer, refrigerator, or house, or raise their own children. So, while there is some truth in it, I think it may be leaving out some relevant factors.

rapsey

Not just majority, vast majority. This article is really about 0.01% of the population who is into this.

BinaryIgor

I still struggle to see what exact problems Decentralized Identifiers solve and how exactly they would make the Internet better. Ommiting additional complexity they bring - where to store them, how to control them etc. - what new use cases they would allow? How would they solve some of the incentives problems on the Internet we currently have?

Having controlled by the user public-private key pair instead of multiple accounts on a variety of platforms doesn't bring self-sovereigninty by itself. Whatever you post/publish must also be discoverable by other people - and that's where we go back to centralized platforms/services of today.

kindkang2024

> how exactly they would make the Internet better.

One key benefit is removing middlemen who may misuse aid.

Never underestimate human corruption—$100 million in aid might result in only $1 million truly helped those in need. This pattern is seen worldwide.

TimByte

You're right that discovery still tends to pull things back toward centralization. But if identity and data are portable by design, at least the gravitational pull of central platforms becomes more optional

pluto_modadic

Ah, yes, the cure is the magical token.

If you want a better future, make better self hosted apps, that are accessible, easy to set up, and don't lack features ordinary people ask for.

No fancy token ever beat an easy button. And no poorly built self hosting app is helping...

vaylian

The article argues for interoperability through standardized protocols. Freedom is achieved through the possibility to move one's own data to a different host when the current host becomes problematic. Either host can be a commercial service, a friend's computer or your own server. Self-hosting is only one option among several in this model.

If you want to share individual pieces of data like photos then this probably works fine. But once you want to serve connected pieces of data that require storage in a relational database, then this will probably become a lot harder to handle, because you need well-defined procedures to piece together data instead of just returning a self-contained blob.

throwawayexmple

'Decentralized Identifiers' centralise identity in the DID. That's tautological.

Thus that in itself fails an idea of sovereignty: that choosing to be identified uniquely is your choice.

Barking down this alley, while useful from the perspective of NFTs, does not add much to the concept of actual sovereignty.

AstralStorm

Nah, if you run your own identity service, you're supposed to be able to issue any number of unverified identities yourself.

The problem there is that others do not play at all with these, plus actual trust has to be somehow solved.

Typical solutions to trust in DID involve either a big central service, a government approved signature... Or theoretically a distributed web of trust but that bit is under development.

austin-cheney

The thing that got me into self hosting is the phone App Store. I started writing personal applications to do what the media apps on the App Store could not. The results have been amazing and the required effort is less than I expected.

salmonellaeater

What are some personal applications you created to fill these gaps?

austin-cheney

* A media player with playlist of local media that executes in a web browser.

* proxies for http and WebSockets. Apache made this challenging and I thought I could do it better. I can now spin up servers in seconds and serve http and WebSockets on the same port

* tools to test dns, http, WebSockets, hashes, certificate creation, and more

vjerancrnjak

Music player that does not skip 1 second of next track, scans my big library in a second.

harel

I did a fair bit of work in this world of self sovereign identity a couple years ago. We abandoned the project because we felt it won't get adoption. We also embedded a verifiable credentials in a CRM making it as a platform to manage VCs at scale and nobody cared. Most people don't care it seems. Or maybe it's just too future tech and we're not there yet.

pferde

The good news is that every self-hoster will be more than happy to start using this hypothetical self-sovereign solution with their data, if and when it becomes available.

I know I would. I'm just not smart enough, nor have the correct kind of experience to start designing, building or evangelizing such solution, so I am stuck waiting for someone else.

A good example is ForgeFed, which I can't wait to mature enough to be usable.

kennywinker

> This blog post was drafted with the help of a language model, but all opinions expressed are my own

Why not post the prompts, it’ll be a shorter read with presumably the same amount of new information.

robmao

The prompt is much longer and less structured than the blog post.

Imustaskforhelp

I am not a writer and the blog posts I have built are really long and I am pretty sure that noone except myself have read them, but I really feel as if I use AI quite a lot to code some one off projects and nowadays a general overreliance on them too.

I am pretty sure that sure, it might be more tedious to actually manage your thoughts into more structured format to present to a larger audience and you might think that AI is meant for such tasks but I personally feel as if there is something about using AI in writing that feels sloppy most of the times.

Write bad but original. Maybe it won't get to the top of the HN, but you get the widest amount of freedom if you are really passionate about writing.

(I am thinking of stopping to use AI / using AI to just teach me things if I find a need to create a project that I am genuinely curious to build myself)

TimByte

The idea of self-sovereignty being protocol-based rather than infrastructure-based is both compelling and challenging

nirui

> We don’t need more “alternatives” to the cloud. We need a shift in architecture—from platform-centric to protocol-centric systems.

Nice idea, but that alone is not enough.

The POP3/SMTP protocol is still a server-client based model, and such model naturally gravitates towards centralized systems which leads to the problem we're facing today.

In my opinion, to encourage self-sovereignty, a protocol should decouple the creator and the publisher. The information created by the creator can be published on multiple publisher platforms selected/directed by the creator.

And ideally the creator should be able to directly sharing information with other creators too, like a P2P system. This should also help reduce the risk of information leaking thus more secure.

The protocol also needs to be flexible enough that it can adopt the needs of more modern users too, otherwise you'll found yourself back at the start line few years later.

P.S. If you think this comment is very empty, that's because it is. I've observed quite a few P2P based protocols over these years failing to gain popularity... this is one of the things really hard to get it right. I don't know how to do it, and many way smarter people also failed to do it. So, yeah, that's why this comment is so empty. But hey, if you can get it right, maybe they should give you a Nobel or something.

tonyhart7

but creating new protocol (standards) also more harder, we can see the example with RCS message google try to push and that require a lot of effort even from big tech