Having some knowlege in IT and being aware of possible

attack vectors, I don't trust anything unless it's hosted on hardware which is 100% under my control. Now we need to define trust. I trust my friends that they aren't going to take my laptop while I'm not watching and read my personal messages or upload a virus onto the laptop. This doesn't mean I'm not going to lock my PC whenever I'm not using it. Why? Because just by giving someone the ability to do damage I can no longer verify 100% to a scientific / factual certainty the fact that such damage hasn't been done. Again, I trust my friends. But being paranoid as I am, I can't rule out the mere possibility of an attack. If it's at all physically possible, my personal trust means nothing. If it's possible to do, I cannot prove that it hasn't been done.

So, for me, trusting anyone or anything with raw unecrypted personal data would probably mean I'm ignorant of the fact that it is theoretically possible for one to betray such trust. One exception would be having a local client which encrypts data before sending it to the server, but even this is questionable.

So I tend to avoid any web "service" in favor of programs I can run locally. Why should I need a web service for converting video / audio to another format when I have ffmpeg? Why should I have a task management system online which I can't control or change to my liking when I can install a FOSS program on my devices and just sync them myself? The only thing I can come up with at the moment that absolutely NEEDS to be on a server is email and hosting it from home isn't a great experience so I'm planning on running a mail server on a VPS, but I have more urgent tasks so that's still just in the planning stage. And even when I set it up, who is to say that my data is safe? Nothing stops the VPS provider from reading contents of RAM allocated to my VM, right? If I specifically were to be targeted, I'd lose no matter what I did. The only thing that saves me is that I've done nothing to be targeted by an entity powerful enough to attack me. Oh wait... I still haven't set up encrypted DNS from multiple providers and something to check that these providers return the same answer for the same query. Oh sh**...

I hope now you understand how paranoid I am?

As for your initial question I would only use a FOSS web service for data that I intend to be available publicly. For example, I'm fine with using gitlab until I set up my own git server to be used in addition to gitlab. As for personal data... nope, it stays with me: on my hardware (of VPS if I really have to). Of course I try to be reasonable and make some exceptions for work and university related stuff. I guess I can't go full Stallman mode ¯\_(ツ)_/¯

Mm that's quite interesting :D I entirely agree with your assessment of trust and certain security instead of probabilistic I prefer hosting myself as well, in part because I get a chance to learn quite a bit from it and then there's the obvious benefit of better privacy and control. But I do use social media services and even at that, I make an effort to keep the data I have on then to be minimum and It mostly serves as a pin board to post some experiences or ideas cuz really there's no social interaction. I have been meaning to migrate from Google Photos though, the facial recognition and growth of deep fake tech has been driving me a bit crazy.. I intend to put the photos on Mega.. it isn't the perfect solution, but it's a much better one. I wouldn't host a mail server myself cuz of things involved in it and given how little I send and receive emails, it's not worth the effort for me, I use Zoho for my domain's emails, otherwise I rely on ProtonMail. I can't wait to get my hands on a physical server myself to try out cool stuff like DNS, I hosted it on my VPS a few months back as a test and it was pretty cool but I had to take it down due to latencies and performance impact