Whenever news breaks of bad decisions from a popular product, there's a flurry of recommendations of various alternatives, and in that mix there's always folks extolling the virtues of hosting your own.
As a person who works on security for an open source project, my spicy take is this: unless you enjoy being your own sysadmin (some folks do!), any hosted solution from a vendor that is currently reputable and currently has acceptable terms is a better, safer option than self-hosting.
BUT folks who are all in on hosting their own stuff are folks who've already accepted all the trade-offs. And the ones who are dogmatic about it to the point of claiming it's the only good option have not just accepted the trade-offs, but have either forgotten them or are intentionally minimizing them.
Even leaving aside time, cost, and convenience: a hosted solution is likely to protect your security and privacy better than you do.
If that's not true of you personally, okay! This recommendation isn't for you! Host your own stuff on your own server in your own basement, where you promptly apply all updates to your entire toolchain and regularly audit your own logs.
Most people are not going to do that, and even if only from a harm reduction standpoint, the best option for security (and by extension, privacy) is the option that will be maintained.
Also not to be all "and yet you participate in society," but a lot of "host your own" folks don't actually host their own. They rent server space from a cloud provider, or from a web host who's renting from a cloud provider, and they often work with multiple vendors for various pieces of their infrastructure.
Which is completely fine, and again usually safer than actually self-hosting. But if someone's calling you a vassal to technocapitalism while hosting on AWS, it's okay to laugh at them.
There is always a risk in putting information in a place where other people can reach it. Those risks don't look the same for everyone—not just in terms of what you have to lose, but in terms of who might try to take it.
The best option for you is the one that best protects you from the threats you, personally, have to worry about. Someone so doesn't know you or your needs can't tell you that any given solution is objectively the best/safest option for you. Security doesn't work like that.
What we can do is tell you what the best options and practices are *for most people,* or for most people with particular risk factors. That's how experts can provide general security guidance, and it's how I can tell you that for most people, hosted options are more secure. Because they're more likely to put your data under the care of someone whose job it is to think about this stuff so you don't have to.
Your mileage may vary - but that's the point.
@Annalee Precisely!
And to avoid #UnderdogBias I'd not choose what I'd use myself but what I'd setup for my mother knowing that I'd be damned in perpetuality [or at least her lifetime] to mainain or at least support it.
And choosing some #SaaS / #ManagedHosting based of #FLOSS of my choice would be the way to go...
https://mstdn.social/@kkarhan/110849693536902509
@[email protected] OR you could just choose a #ManagedHosting provider where someone is being paid for keeping stuff updated and secure. Just like with #Mailservers, #Wordpress or whatever application one wants hosted. It's not as if #SelfHosting is without alternative and choosing a #FLOSS solution that multiple providers offer as #managed / #SaaS offering is my go-to recommendation espechally for SMEs and Users that can't afford personnel hours needed to properly #SelfHost!
Exactly!
Because whilst #OpenBSD is propably the safest Operating System that one can hook up to the Internet out-of-the-box, noone's gonna yeet all their #Linux boxes out and force themselves to migrate everything to it.
Just because I know people who earned their living doing #Mailservers on #OpenBSD doesn't mean it's something I'd recommend to anyone even if on paper that's the "most secure option"...
@Annalee yep, this is a great point that sometimes privacy advocates miss entirely. If someone is determined enough, they WILL get your data. It’s all about what you realistically want to guard against, balanced with convenience.
I COULD run my own email server and secure storage vault, but that would be too much of a pain. It would make my life way too much of a hassle. And since nation states aren’t after me, why put myself through that?
Take the privacy precautions that make sense for you
Annalee
Kevin Karhan 
R. Leigh Hennig