SelfPrivacy is in "Open beta" and promises to make setup and use of email, messager, password management, video chat and other services simple by leveraging the likes of Hetzner, Cloudflare, and Backblaze.
I stumbled on the app while browsing the F-droid app "store" and had never heard of them. I think the proposition is neat and while I'm comfortable hosting most of these services myself, my curiosity has been piqued. Searching for it elsewhere on the web as far as privacy rating, reviews, etc has left me empty handed. I dont' know if they're just too new or not. So I'm curious if anyone has tried them out or looked into it further.
OR, you can create a single attack vector that can potentially be exploited and put everything at risk, at the same time.
If you've ever worked in, or adjacent to, IT, then you've heard the phase "single pane of glass", meaning you can manage all your infrastructure, or IOT, through a single terminal/UI.
This is basically a single pane of glass that you're getting through a side loaded repo, to manage your entire digital life. That means it can also become a single pane of glass for anyone able to exploit that application i.e. supply chain attack, phone AND/OR app specific vulnerabilities, etc.
The other side of that being Security through Obscurity.
If you're not running all your stuff through a major well-known host like Google or Amazon you're less likely to be a target than if you're just self-hosting.
Supposedly Google and Amazon have "good" security, but they still get hacked.
I tried them a couple days ago, got to setting up Hetzner API, had my account rejected a bunch of times, found out Hetzner team is infamous for rejecting new accounts and cancelling old accounts by the whims of their 'protection systems', realized the only other hosting option supported by SelfPrivacy is Digital Ocean, noped out of it all
I get the reason behind it, and support it too, but it doesn't make a good impression when your account gets rejected despite every information being correct just because you signed up using a VPN (I can't verify that VPN is the reason, but it has been suggested elsewhere to be a cause for suspicion on their part).