The project Selfhost your Way out addresses a central paradox of digital infrastructure in the age of platform economies: While the internet was originally conceived as a decentralized networked medium, today’s digital everyday life is dominated by centralized providers offering proprietary services. The resulting loss of digital sovereignty affects not only individuals but especially smaller organizations—such as associations, NGOs, or cultural institutions—that often lack the resources and technical know-how to operate their own infrastructures. Building on insights from the project Open-Sourcing a University, which demonstrated institutional self-hosting at a high level, Selfhost your Way out explores how decentralized hosting solutions can remain feasible even under restrictive conditions. The developed prototype provides a modular, cost-effective software stack that can be operated independently of fixed IPv4 addresses or publicly accessible network configurations.At the core of the solution is a cloud-based reverse proxy that forwards exclusively SSL-encrypted traffic via Wireguard tunnels to locally operated devices (e.g., Raspberry Pi), without itself having access to the transmitted content. The cloud host acts merely as a transit routing point—by using TLS preread mechanisms, decryption is strictly reserved for the local device.This architecture creates a viable balance between accessibility, security, and independence—without requiring deep interventions in home networks or advanced technical expertise. Selfhost your Way out thus positions itself as a design-driven intervention against the increasing alienation from digital spaces and advocates for the reappropriation of technological self-determination.Below are several project examples that build upon this paradigm.

Beyond this, the project raises the question of trust relationships within shared, locally operated infrastructure: When users seek to establish network effects, this typically leads through federated protocols—yet such protocols should not require unconditional trust in the infrastructure itself. This tension is addressed by implementing the [Matrix] protocol on the application layer, which supports optional end-to-end encryption (E2EE). The result is a layered security architecture: the transport layer is encrypted via Wireguard, connection metadata is protected through TLS, and content itself is secured once more at the application level via E2EE.This cascading encryption model ensures that, even in the event of compromised infrastructure, no content can be exposed.