Guidelines
APSSA members strive to apply the following guidelines in their self-hosting operations:
Free software
We only use FLOSS.
Privacy & security
We value our users' privacy and will never hand over any user information, not even to other alliance members, without the user's consent. The goal is not to police and surveil our users but only to provide good services. As such, we:
- Only provide access to our services through encrypted channels (e.g. TLS)
- Only store data on encrypted disks
- Keep our software up-to-date
- Keep no logs, or very few
If our users wish to close an account, we delete all data associated with it as soon as possible.
Data ownership
Users' data is theirs and they can leave with it when they want to. At their request, we will hand out copies of their user data within a reasonable timeframe.
DIY
As much as possible, we run services ourselves, on our own machines, in our own premises. This is not a federation of commercially hosted servers: while we may use "the cloud" and such resources for load distribution in case we get slashdotted or for redundancy, this is not the norm.
As they say elsewhere, "there is no cloud, it's just someone else's computer".
Other ideas
Automation
Hard parts should be automated (Puppet?) so people can simply run recipes (and so we can have something uniform across servers too).