Over at MoTW, The Didact posts some good and solid information on getting yourself protected and unplugged from as much constant monitoring by Big Tech as possible. It's a good start.
A few notes to add once you've processed all of that.
One, VPNs. I won't knock Surfshark - I haven't used it, and it seems to hold up OK review-wise. I've leaned more on NordVPN, and am seriously eyeing ProtonVPN by the same guys who bring you Protonmail.
Speaking of which - and in alignment with getting away from the cult of "free" - a paid protonmail account is a nice thing to have, with full end-to-end encryption to other proton-based accounts, and easy management of PGP keys for non-proton addresses, if the recipient has one. They can also act as the mail host for a domain, as picked up via namecheap, dreamhost, and epik.
For hosting - I keep getting pointed back to dreahmost. A2, mentioned in the post, looks solid, and would be a good starting point if what you want is a wordpress/Drupal/Joomla site, or a forum based off of phpBB. For that matter, I've had the equivalent product at Dreamhost choke on available memory limits, which prompted my move to Digital Ocean.
So why am I not staying on Digital Ocean, despite their very nice UI and VM management, nevermind all the prepackaged droplets?
Well, Dreamhost does have a reasonably proced, if klunky, Openstack-based VPS product. More to the point, unlike DO, and a number of other hosting sites (VULTR and others, nevermind that the point is to get away from AWS, Azure, and Google), there is no vague "hate speech" line item in the TOS.
Also - I want to run several applications that won't interact well with Cpanel or other VPS setups that aren't, like AWS and DO and DH, bare bones linux.
This isn't to say that there aren't easier ways to manage some of this stuff on your own server. than to do the entire install yourself. I've spun up my own ghost install, nodeBBS install, and others from scratch. Discourse, for example, is a very easy BBS to set up on a bare server as it's basically a Docker container, but other packages can be much less simple - agonizingly so. In that case, take a look at Cloudron - it's a containerized package management system that can be run on any bare hardware or virtual instance running Ubuntu 18 or 20. Point my.mydomainname.com at it, run a few commands at the shell, answer a few prompts, and you're ready to go. Some useful packages it brings to the table other than Wordpress are:
- Teamspeak - privately hosted voice messaging without Discord listening in.
- Discourse and NodeBB bulletin board systems. Again, a privately hosted dicussion forum for friends, can easily be made invite-only.
- The Ghost blogging platform.
- FreshRSS and TinyRSS - so you can move your feed reader out of Google/Freshservice/etc., but still access it from multiple computers.
- Wallabag - a solid replacement for Instapaper and GetPocket, again, without the ties to Google, Facebook, and so on. It allows you to easily download PDFs of the article for archiving.
- A barebones LAMP stack for custom websites (no, no NGINX, or node.js, oddly).
While you have to maintain an account to access the app store, it's "free" for up to two apps. A subscription runs $15 a month (annual) per server or $30 (monthly), to unlock as many as your server memory and storage can handle. Backups are well handled. Other than cloud services - with your own encryption in place of the backups, which can then be pulled down to a local server/home NAS - you can also back up to the local file system. This allows you to mount a secondary volume, separate from the main volume of the VM, that can a) be copied down from using "scp" or similar utilities from a home server, and b) broken off and attached to a new instance for faster recoveries. It does require a bit of tech savvy - but nowhere near as much as installing severl of the available packages does.
A note on VPNs in general, and using a hosted server for RSS/reading.
Google and Facebook have ways to tie you to any device with their accounts on it, and tie it to you, even if you are connecting "anonymously" over a VPN. If your browser has a gmail account open on it, especially if it's Chrome, Google knows that "billybob@gmail.com" is accessing the VPN at the same time and from the same address where that browser is going to badthink.com , no matter what IP it's from.
I strongly suggest that if you're using a VPN because you're going to be browsing places that are not in accodance to the mainstream, vice simply keeping local snoops from reading your traffic, that you either get a dedicated computer for the job, or at minimum, a dedicated virtual instance, and:
- Never, ever add any google/etc account to that device or instance, period.
- Always bring up a VPN before browsing on that computer/instance.
- Don't use it for daily/regular household items like utility payments/etc.
- Minimize, better, completely avoid, any overlap in accounts used between your regular computer and what you use for anything to the right of Mao.