For folks that are unable to port forward on the local router (eg CGNAT) I made this post on doing it via a VPS. I’ve scoured the internet and didn’t find a complete guide.

    • Schlemmy@lemmy.ml
      link
      fedilink
      English
      arrow-up
      26
      ·
      2 months ago

      I’ve set up some tunnels. Works nice but then the voices came. ‘Why would you trust a company like Cloudflare with all your data?’ ‘Why rely on this one company for all your services?’

      Nearly a year into my selfhosting journey and I’m more confused than ever.

      • EmbarrassedDrum@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 month ago

        tl;dr: classic convenience/privacy. depends on your threat model. surely better than Google. models of zero trust will help.

        That’s a great question, that I have asked myself before too. It doesn’t have one answer, and any one would make their own choices based on their own respective threat model. I’ll answer you with some of my thoughts, and why I do use their services.

        I’ll take as an example my usage of NextCloud, coming as a replacement to Google Drive for example.

        let’s break up the setups:

        1. client (mobile app, desktop client, browser)
        2. communication to server
        3. server

        It’s oversimplified, but to the point: In Google’s setup, you have control of 0 out of three things.

        1. you use their closed source client, 2. they decide the communication to the server (if there’s any CDN, where their servers located, TLS version), and 3. data is on their servers, wether encrypted or not is up to them.

        In NextCloud’s setup,

        1. The clients are open source (you can varify them, or build your own),
        2. communication to server is up to you. and in this case you trust your data with CF, that’s right. gonna have to trust them.
        3. server is your server, and you encrypt the files how you want.

        From just this look, NC is clearly better off. now, it’s not perfect, and each one will do their own convenience vs privacy deal and decide their deal.

        If you deploy some sort of e2ee, the severity level of CF drops even more, because they’re exposed to less data. specifically for NC they do do e2ee, but each solution to its own. https://nextcloud.com/encryption/ this goes as an example for zero trust model. if you handle the encryption yourself (like using an e2ee service), you don’t have to trust the medium your data is going through. like the open internet.

        • Schlemmy@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 month ago

          Thanks. I agree with your conclusion. I probably have spent too much time in privacy communities. In the end you’ll have to trust someone.

        • fmstrat@lemmy.nowsci.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 month ago

          surely better than Google

          This contradicts your threat model comment, though. If you fear Google’s access to your data, you fear nation states, or hate Google. Cloudflare is in the same boat for size, scope, and US ownership.

          • EmbarrassedDrum@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 month ago

            Obviously I’m not avoiding it all together, but I’m taking a step in the right direction.

            And it’s not just replacing Google by CF, because CF has much less access in comparison as I explain.

            you can deploy some zero trust models in your setup, and eliminate the threat even further. for example end to end encryption

            • fmstrat@lemmy.nowsci.com
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 month ago

              Oh yes, wasn’t trying to say it was a bad decision at all. If it fits your threat model, and it makes life easier, it’s probably the right choice.

    • ntn888@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      10
      ·
      2 months ago

      Yeah it’s a popular choice for various things. But wouldn’t it be against TOS using it for p2p and that amount of traffic?

      • EmbarrassedDrum@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        1 month ago

        gotta admit I haven’t read the ToS, but I didn’t encounter any problems. I’m streaming GBs of music via the tunnel and it still works. p2p I didn’t try, but I don’t really see a reason to?

        • asap@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 month ago

          Just remember that Cloudflare decrypts and re-encrypts all your data, so they can read absolutely everything that passes through those tunnels.

          • EmbarrassedDrum@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 month ago

            mind elaborating?

            If I let them handle the TLS for me then I can see that. but if, for example, I’m using NextCloud, which implement end to end encryption from client to server, then I wouldn’t care if they did, no?

        • ntn888@lemmy.mlOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 month ago

          Huh, good to know. I’m out remember some of us have traffic in the TBs pretty month!