Depending on Third Party Services When Self-Hosting

In our drive to take control of our web presence by self-hosting our services from home, it seems contradictory to depend on 3rd party services to make it all work. Companies like Mailgun, Tailscale, Cloudflare, Netlify, NextDNS, Linode, AWS, ngrok, and many more offer compelling solutions to the endless challenges of self-hosting. But does using them mean we are fooling ourselves about our independence from big tech?

Here is how I think of things as I decide what to use in my own home, and what I integrate into Dropserver.

Questions I ask myself

Naturally I ask myself if the service trustworthy and reliable, but a “yes” answer isn’t good enough. Services change, get bought, pivot and generally enshitt– No, it’s the first day of 2025, I won’t start the year by overusing 2024’s biggest word.

In any case it’s best to assume the worst and ask questions like these:

What are the consequences if it goes away?

If I depend on a service in my home-hosting setup, what are the consequences of the service going down, or becoming unusable? Is my instance dead? how much work to switch to something different?

Is there a drop-in replacement for the service? Can I actually use the replacement now or is the API different and we need to go beg maintainers of projects to support different services?

Are there less convenient but workable ways of getting around the loss of the service that I can actually implement in a reasonable amount of time?

How much of my data can the service harvest?

I’m sure the third party service says they’ll “never sell your data or use it to train LLMs” or whatever. But it’s just words. We all know how these things go. So what matters is how much of your data is actually visible to them? And are you OK with them breaking their promises with that data?

An email sending service like Mailgun sees the content and the recipient address. Depending on the kind of emails you send, that may be OK. Perhaps you use it to send notifications of mundane events. On the other hand maybe you use it to send out a very personal news to friends, in which case you have to decide if it’s OK for them to have that.

Another factor to consider is whether this data can be protected at all? Netlify may see every page on my website, but that website is public anyways, so it’s likely getting harvested whether I like it or not.

Can the service hold my data hostage?

How much data is held exclusively by that service? If I keep a bunch of files on an S3 storage service then that service’s disappearance might have profound consequences for me. You might say “oh come on that will never happen”. Perhaps, but consider that you might lose access to your account if, say, they accuse you of being a spammer for whatever reason. Your data is as good as gone in that case.

Given that one of the major reasons for self-hosting is data sovereignty, this is a big no-no. If I were to use an external storage service, I’d make sure I have copies of files in a completely independent service or a local drive.

An other service that might hold critical data is newsletter sending services. They usually manage the subscriptions and hold the data for all your subscribers. Make sure that stuff can be downloaded and imported elsewhere, and set up an automated recurring job that downloads that data locally.

Some services will have some data that is exclusively under their control. Ask yourself if you can live without it and act accordingly.

Escape hatches for 3rd party services

Given the above, what might we look for in 3rd party services for our home-hosting setup?

Use generic services

If I have a virtual machine on DigitalOcean and I stop trusting that company, I can create the same VM on Linode. Virtual machines are not a proprietary thing. To make sure I can do this readily, I should make sure data from the machine is backed up outside of DO and that I can recreate the VM quickly using infrastructure as code.

Even easier: many email sending services let you use SMTP to send through them, so with a little config change, you’ve escaped. This is good.

Use services that have open source self-hosted versions

While you probably signed up for a service because it was easy and convenient, if faced with a loss self-hosting their solution is less bad than being completely stuck. It’s an escape hatch. You don’t want to use it, and with some luck you won’t have to any time soon, but you definitely don’t want to be without it.

Use services that let you download data unattended

If the service holds data that you don’t want to lose, only use it if you can reliably and automatically download your critical data in usable form.

Closing thoughts

Personally I find that using third party services to help me with self-hosting is a good move. Their value is well worth the cost of a small inconvenience if I have to switch.

I think of commercial services as more tools in my toolbox. These tools do not displace my existing trustworthy tools, I can take advantage of them, but I have options if they become troublesome. I just make sure I don’t give my whole toolbox to a third party!

Different strokes for different folks

When evaluating the questions above absolutists will end up declining to use every third party service they can, and that’s fine.

My ambition with Dropserver is to (some day) bring home-hosting of personal web services to a broader audience. I’m pretty sure at this point it’s impossible without the help of third party commercial services to simplify the process. The key will be to thoughtfully integrate some services that help home-hosting without defeating the whole purpose.

Olivier Forget

Los Angeles, USA
RSS Email Mastodon

Aerospace Engineer turned sofware developer and bootstrappin' entrepreneur.