[quesera]

Yikes, I'd strongly discourage unfiltered ingress PAT to your desktop machine.

I know you have acknowledged the decision to entrust nginx with all of your personal data and tax records and bank statements and legal documents and browser history and GitHub credentials and ssh private keys and so on.

But it's still madness. You are one oversight, accident, or bug away from total pwnage.

[superkuh]

All of this applies to using your browser and your browser automatically executes code from random sources. If this is your threat model then how are you even posting on HN? Shut down that insecure browser quickly. It is tens of thousands of times more likely to expose your personal data etc etc than nginx.

Running nginx isn't madness. Thinking nginx is more of a risk, or even comparable to, your normal daily browser behavior certainly is.

Go look up the last nginx RCE. I think you'll be in the 2000s for just bare nginx.

[quesera]

You are not educating me in any way. And obviously I don't browse with JavaScript enabled.

We could go back and forth all day about the likelihood of a v8 sandbox escape vs RCE in a big C program. But another risk to consider is a non-obvious misconfiguration. A default server block with a wildcard server name. A stray symlink inside the docroot. An unexpected mount point. A temporary config change that you forget to revert. So many ways to fail...

Regardless, trusting your entire personal data security to a single layer of protection is madness.

Perhaps only exceeded by the logic of "it hasn't happened for a long time, therefore it will never happen again".

Good luck.

[superkuh]

I guess you're right. Humans make mistakes so we should just not have any control where we might make a mistake at all and host all our personal data at large corporations who definitely have our privacy as the #1 priority and never leak. And before you say, "I don't do that, false dichotomy." we're not talking about us, here, it seems. Since we both are obviously huge nerds capable of securing things (I have js disabled by default too). We're talking about the type of person that runs javascript.

[quesera]

I thought we were talking about blog posts.

Host your personal data on your local machine. Encrypt it and sync to another physical location for backup.

But serve your blog from somewhere else. If you want to self-host it at home, buy a cheap NUC (or RPi) and hang it off the guest network on your WiFi router. Or, minimally, a VM or a zone/jail/container. I don't like the idea of a compromised host sitting on my home LAN, but it's better than a compromised daemon running on my desktop OS.

Or don't self-host at home, but mirror the data up to GitHub Pages or Cloudflare Pages for free. Or pay for a cheap VPS (people elsewhere in these comments mentioned a $20/yr host). Or OVH, Hetzner, even AWS low-spec instances...all reasonable options.

If you're no longer talking about blog posts, but you want worldwide access to arbitrary personal data on your home desktop, that's a job for a VPN -- preferably one that still does not terminate on your desktop itself, and of course not one that gives a sketchy third party direct access to the desktop.

I completely agree that pushing your personal files and such up to Dropbox (e.g., etc) would also be madness!

You say we're not talking about us, but I'm responding to your specific mention that you serve blog posts to the public Internet from nginx running on your desktop. We may not be able to help to average consumer, but I'm talking about you! :)

[superkuh]

>but I'm talking about you! :)

I am confident in my digital security for my threat model. Physical security, less so. The only time my data has ever been taken was when the FBI broke into my apartment at 6am in 2010 and held me at gunpoint and stole every computer in my apartment. They never charged me with a crime, never even indicted me. It was all just the feds squashing political dissent back in the Occupy wallstreet days and I was one of hundreds on the mass warrant issued for that morning's cross-country raids meant to intimidate and destroy lives. As was the FBI's style, they stole all the bitcoin I had on those computers, which I discovered when they kindly returned them (in parts) 10+ years later in 2021.

I'd argue the real risk for me living in the USA is not from random hackers finding a unicorn nginx RCE (or me misconfiguring), but from the government. And they're going to come in the front door not through my computer.

Given the state of things I think this applies to far more people than just me. So start up those home static servers. It's a relatively low risk, all things considered. And free communication with other humans, not shaped by corporate policy and opinion shaping, might just mitigate the government problem a bit.