Comment by superkuh
5 days ago
All of this applies to using your browser and your browser automatically executes code from random sources. If this is your threat model then how are you even posting on HN? Shut down that insecure browser quickly. It is tens of thousands of times more likely to expose your personal data etc etc than nginx.
Running nginx isn't madness. Thinking nginx is more of a risk, or even comparable to, your normal daily browser behavior certainly is.
Go look up the last nginx RCE. I think you'll be in the 2000s for just bare nginx.
You are not educating me in any way. And obviously I don't browse with JavaScript enabled.
We could go back and forth all day about the likelihood of a v8 sandbox escape vs RCE in a big C program. But another risk to consider is a non-obvious misconfiguration. A default server block with a wildcard server name. A stray symlink inside the docroot. An unexpected mount point. A temporary config change that you forget to revert. So many ways to fail...
Regardless, trusting your entire personal data security to a single layer of protection is madness.
Perhaps only exceeded by the logic of "it hasn't happened for a long time, therefore it will never happen again".
Good luck.
I guess you're right. Humans make mistakes so we should just not have any control where we might make a mistake at all and host all our personal data at large corporations who definitely have our privacy as the #1 priority and never leak. And before you say, "I don't do that, false dichotomy." we're not talking about us, here, it seems. Since we both are obviously huge nerds capable of securing things (I have js disabled by default too). We're talking about the type of person that runs javascript.
I thought we were talking about blog posts.
Host your personal data on your local machine. Encrypt it and sync to another physical location for backup.
But serve your blog from somewhere else. If you want to self-host it at home, buy a cheap NUC (or RPi) and hang it off the guest network on your WiFi router. Or, minimally, a VM or a zone/jail/container. I don't like the idea of a compromised host sitting on my home LAN, but it's better than a compromised daemon running on my desktop OS.
Or don't self-host at home, but mirror the data up to GitHub Pages or Cloudflare Pages for free. Or pay for a cheap VPS (people elsewhere in these comments mentioned a $20/yr host). Or OVH, Hetzner, even AWS low-spec instances...all reasonable options.
If you're no longer talking about blog posts, but you want worldwide access to arbitrary personal data on your home desktop, that's a job for a VPN -- preferably one that still does not terminate on your desktop itself, and of course not one that gives a sketchy third party direct access to the desktop.
I completely agree that pushing your personal files and such up to Dropbox (e.g., etc) would also be madness!
You say we're not talking about us, but I'm responding to your specific mention that you serve blog posts to the public Internet from nginx running on your desktop. We may not be able to help the average consumer, but I'm talking about you! :)