As a true advocate of privacy, online security, and freedom, a VPN is a tool I can’t do without. However, the more deeply I reflect upon how a VPN works, the more I realize that all I’m doing is shifting the responsibility of my privacy to someone else, and this doesn’t necessarily make me safer.
My online privacy and security are a responsibility that should rest solely with me. For this reason, I switched to self-hosting some of my favorite apps, and it has taught me more about online privacy than any VPN ever could.
The trust issue
Privacy shifts when you hold the keys
As far as privacy goes, trust is deeply underrated, and for years, I assumed that VPNs would fix the trust problem. My reasoning was simple: since I was no longer exposed to my ISP, I was safe. However, in reality, the only thing that changed was that I had chosen to trust a VPN over my ISP, even though I had no way of verifying VPN companies’ promises.
There was a shift in mindset when I started self-hosting my open-source note-taking app. The custody chain ended with me. So, if I had a data leak, I had no faceless provider to blame. When storage failed, I had no silent redundancy in the cloud. Backups, passwords, and updates were entirely my responsibility.
Even though this burden hits hard at first, it comes with a strangely liberating awakening that replaces blind faith with awareness. Self-hosting gave me absolute control, and privacy became an internal discipline I practice.
The invisible trail you can’t hide
When I first set up my email server, I could see headers, sender routes, and timestamps without opening the message body. This showed that digital actions leave a trail of associated, behind-the-scenes information: your metadata.
Typically, VPNs will mask your IP, but what happens to the metadata? They don’t mask the size of files you send or the patterns of whom you contact. When you self-host, these behind-the-scenes elements stop being abstract. You can see the metadata accumulate, and it gives a sense of how easily you can infer without reading a person’s messages.
With this realization, I was certain that encryption is the bare minimum. We’re still very vulnerable to what we believe are harmless traces. These traces reveal when you communicate, with whom, and how often. Of course, self-hosting didn’t make me invisible, but it made me literate. I began to appreciate the significance of small, consistent efforts and how they shape a person’s online presence.
To put this in perspective, if you use a health app, a VPN might hide your IP address, or the country you are visiting from, but it does not conceal the fact that you connect to a mental health or a fertility clinic app at specific times and dates every month. This is a data trail that may be sold to brokers or used to create a personal profile of you.
Threat exposure
Learning my real attack surface
My understanding of security was vague at best before I started self-hosting. While VPNs shielded me, I never really knew or considered the attacks that lurked behind the scenes. With VPNs, I outsource configuration of the network, ports, and software, so the risks are abstracted away.
This instantly changed when I self-hosted. I was configuring firewalls, reading through logs, and in larger setups, responding to failed login attempts. I was noticing scans from unrecognized IPs, login attempts from distant countries, and probes targeting outdated services.
You can be exposed even when nothing seems wrong. So, I stopped wondering if I could be a target, but rather asked how quickly and deliberately I could respond. I have become more vigilant.
The self-hosting trade-offs
Privacy costs effort, not money
Without even trying, I assumed privacy would be a very expensive venture. I was calculating the cost of buying specialized hardware, renting servers, or maybe paying for premium services. But in reality, that wasn’t the case, and the financial cost was minimal. I repurposed an old laptop and used free software. However, what I saved in money, I paid for in the hidden costs of convenience.
Self-hosting meant goodbye to several mainstream services and the convenience that comes with them. No more automatic backups to Google Photos or iCloud, and no Single Sign-On (SSO) via Google. Almost every action required manual effort.
Making deliberate choices about data handling gives you some sense of ownership, but controlling costs requires effort, and the more friction you accept, the more control you retain.
It’s time to consider self-hosting
I must say, I don’t self-host everything — less than a third of my software is self-hosted because it requires commitment, time, and effort I don’t always have. However, I will self-host my note-taking app and any other apps or services that handle highly personal data.
That said, even with this limited exposure to self-hosting, my perspective and understanding of data have changed. Running your own servers may not be the ultimate requirement for privacy, but it’s an eye-opener to the cost of convenience and the effort that total control demands. So yes, I will self-host as much as I can, with an awareness of my limits and a clarity about what true privacy really means.
