Okay, so I am working on setting up servers in a secure way which is resistant to interference from hostile governments and outside entities' surveillance, for hosting Hubzilla.
Let me know if anyone has any other ideas along these lines.
Here are the things I have done:
1) Set up a VPS in Iceland, hosted by a company which does not gather any personal information about me, and has what I believe to be the most stringent personal privacy laws in the world.
2) Paid with bitcoin and used a relatively difficult-to-connect-to-me bitcoin address to pay - giving up no information about myself.
3) Set up the admin accounts through an encrypted email account (ProtonMail) hosted in Switzerland.
4) Used a domain name hosted in a small country without agreements with the US government to seize the domain name.
Posting this message, of course, connects me to the entire process, but keeping the formation from being connected to me was not my goal, as I have made a personal decision to work in the open and in public to advocate on behalf of this cause, so it will not take any kind of detective work to know it is my server (if you follow this advice and your goal is to not connect yourself with the server, don't post a message about doing it in public with an identity that is connected to you).
The point of taking these measures for me is to specifically resist the site being taken down by the US government or anyone who uses it being tracked or monitored by the US government (or any government that is sharing information with the US government). I do believe these measures will be helpful to avoid issues with other governments as well, but at the moment the US is my primary concern. Also to place the server outside of the reach and scope of US law about what is illegal and legal to be doing on and with the server.
I am going to host a Hubzilla instance on this new server to be the focal point of a project I am working on which I believe may be unpopular with our government here, and want to have a safe and private place for communication and collaboration on projects which support true freedom for those living in oppressive regimes all over the world. I currently believe we qualify in the US, but I am hoping the new server will be more private and resistant to reconnaissance than most for most people in the world.
I am also considering hosting a server on private hardware in a personal space of my own on my own hardware, which has some increased privacy in some ways, but obviously is more likely to fall under the control of a governmental agency if they decide they are entitled to it and interested enough to serve warrants and come and get it. I am currently leaning in the direction of keeping all three servers and backing up my profiles (channels) across them to the extent that makes sense:
1) locally hosted and not very resistant to the government (cheap) for high volume and not highly sensitive content and contacts
2) server hosted in privacy-respecting countries using the above-mentioned methods (more expensive) for most communications and information sharing that might be important to keep private
3) personally hosted on private hardware in private space (different strengths and weaknesses, also expensive) for anything that seems to fit better in this space, and for which exposing the information to the staff of the hosting company in #2 seems like a bad idea.
Anyone who has thought much about these types of issues, I am very open to any input or ideas or conversation that might be interesting.
@Hubzilla Support Forum+