==================================================

==================================================

Welcome to the Hearth Box project. Our primary goal is to provide an easy to use and affordable method for oppressed and at-risk groups (such as the queer community and religious or ethnic minorities) to communicate securely without fear of surveillance, censorship, or government violence. Our secondary goal is to make it easier for people to manage and store their own data online, without relying on expensive and intrusive tech monopolies. This guide will show you how to set up a secure, end-to-end encrypted, self-hosted communication server which includes text, voice, and video chat, and which can be modified to include encrypted, remotely-accessible cloud storage and ad blocking.

This guide will show you how to set up a "Hearth Box". A Hearth Box is a device you physically own, which hosts a secure, end-to-end encrypted, self-hosted server accessible on the worldwide web. What this means is that you and others can communicate through it via text, voice, and video chat, on your personal computers and mobile devices, without censorship and without anyone intercepting and reading your communications en-route. A Hearth Box also enables cloud storage of your personal data, which likewise cannot be censored or spied on by third parties. Finally, as an extra perk, a Hearth Box can help filter some internet ads which standard ad-blockers may miss.

(left) An example of a Hearth Box. (right) An example of one of the communication platforms which can be hosted on a Hearth Box.

Our primary goal is to provide an easy to use and affordable method for oppressed and at-risk groups (such as the queer community and religious or ethnic minorities) to communicate securely without fear of surveillance, censorship, or government violence. Our secondary goal is to make it easier for people to manage and store their own data online, without relying on expensive and intrusive tech monopolies. We have written these documents with ease of access in mind and they intended to be accessible even by those with little to no technical expertise. This guide will show you how to set up a "Hearth Box" secure, end-to-end encrypted, self-hosted server (i.e. information sent through this server en-route by anyone other than their intended recipients) using hardware you physically possess, which enables text, voice, and video chat, and also remotely-accessible cloud storage and ad blocking.

The server on a Hearth Box facilitates communication which is much more difficult for governments or malicious actors to surveil than other methods like texting, Facebook Messenger, Instagram, WhatsApp, or Discord. While we suggest the Signal app as an easier-to-use alternative for secure, end-to-end encrypted communication, it is blocked in some countries as of 2025, (such as Russia, Venezuela, China, and Iran). This can be circumvented by a virtual private network (VPN), but those services are often restricted by government censorship as well.

While no form of digital communication is definitively secure, encrypted self-hosted communication systems are far more difficult to usefully surveil, interfere with, or ban. Using self-hosted servers to communicate is infinitely more secure than communicating with programs like WhatsApp or Discord, which can read your messages and which regularly cooperate with governments' requests to access users' messages and other data. However, a self-hosted server will not protect you from FBI spyware installed directly on your computer, if that is used to gain access to your usernames and passwords. When discussing private information online, remember that the best security is always caution and nothing is foolproof.

So, should you build a Hearth Box? It depends. If you're a member of an at-risk group, this system could provide a substantial boost to your safety. If you live in the United States and you or someone you know is part of the queer community, you might consider building a server to insulate yourself from spying by the federal government, since the Department of Homeland Security will surveil people based solely on their sexual orientation or gender identity. If you pay monthly fees for cloud storage services such as Google Drive, iCloud, or Dropbox, or for encrypted telecommunication services such as Doxy.me or Zoom Business, building a home server may be cheaper for you in the long run. Finally, as an extra perk, a Hearth Box can help filter some internet ads which standard ad-blockers may miss.

If you are not part of an at-risk group and don't know anyone who is, you are not paying for cloud or communication services, and you don't care about ads, you may still want to consider self-hosting on privacy grounds. Most major communication programs are neither secure nor private, and often sell your data or give it to the police without a warrant. Most online file-storage programs (such as Google Drive, Microsoft OneDrive, and Adobe Creative Cloud storage) store your files unencrypted, and some even sell private information from them to advertisers or use the files you store on them to train AI models. If you, like us, consider this a gross invasion of privacy, then you should consider building a Hearth Box.

Authors' note, 18 May 2025: This is a new project, and therefore a work in progress. Some of the content is missing from this guide. Please be patient while we fill it out.

Follow these instructions step by step to make a secure communication hub / home server. Each step links to a detailed list of instructions.

We want to make this project accessible to as many people as possible, which means these instructions are written for people with little to no experience building computers, making websites, or self-hosting. Consequently, we've made individual steps in this guide as simple as possible. That also means that there are a lot of steps, but don't let the length of the guide intimidate you! (If you're an IT expert, you may find these instructions overly detailed; we hope they're still useful to you.) Whether you're a novice with computers and need your hand held through each step, or if you're an IT expert who happens to trip over some particular pain point, we don't want anyone to give up on making a home server because we didn't explain it carefully enough.

1. Decide what you're getting.

   (Authors' Note: If you're in the United States, the 2025 tariffs have substantially increased the prices for electronics. The prices listed in this guide may no longer be accurate, but the market is too volatile to keep them updated. For lower prices or improved availability, we suggest buying refurbished equipment if possible, with the exception of hard drives. If you choose to purchase refurbished hard drives as well, be aware they they can be unreliable and you should be especially vigilant about backing up any data stored on your Hearth Box.)

   1. Full Home Server with Cloud Storage and Secure Communication (~$150-200 + $10/yr)
   2. Secure Communication Only (~$50-70 + $10/yr) (this section of the guide is not yet constructed)

2. Buy the equipment you need from this list.

3. Purchase a domain name (web URL) and set it up. When you are finished, you and others will access your communication server by going to this URL. Setting up a web URL with Cloudflare.md

4. Install the imaging software. This software lets you use your computer to install other software onto your equipment. Authors' Note: (Pre-made) is aspirational. For now we're only putting together the resources for (Manual).

   1. (Pre-made) There are prepared images (copies of everything needed to make your Pi a computer with software) and scripts (programs which will ask you for your inputs) which will let you set everything up painlessly. You will only need to type in things like your wifi name and password, your desired usernames and passwords, your domain name, etc.
   2. (Manual) There is a list of tools and instructions with which you can install a fresh Raspberry Pi OS and add everything you need. Nothing in this section is automated.

5. Assemble your Raspberry Pi.

6. Image an operating system onto your SSD (Full Home Server) or your Micro SD Card (Secure Communication Only). These are the storage devices which will hold all the operational software for your equipment.

7. Install SSH software (this lets your computer talk to your Raspberry Pi during the installation).

8. Log into your Pi and complete the installation, using CasaOS.

9. Set up Cloudflared (not to be confused with Cloudflare), which lets you and others connect to Nextcloud / Databag remotely over the internet.

10. Set up your Nextcloud server, for secure communications and cloud storage. (mostly complete)

• Learn how to manage a Nextcloud server. (incomplete)
• Learn how to use a Nextcloud server for communications, including text messages and voice / video calls. (incomplete)
• Learn how to use a Nextcloud server as cloud storage. (incomplete)

11. Optional: Set up your Databag server, for extra secure communications. (incomplete)
12. Optional: Install an advertisement and tracker blocker (incomplete)
13. Talk to your friends and say hi to others.

Before you start, you should to decide on the usernames, passwords, and emails you will use to log in to certain programs. You will need these later, and they are very important for your security. You should also decide on the URL for your Hearth Box.

Warning: Make sure these are usernames and passwords you can remember and which do not rely on simple patterns. If you absolutely must write them down, store them in a secure offline location.

Warning: None of these usernames or passwords should be the same as other usernames or passwords you use.

You will need:

• Web URL (this is the URL you and others will use to access your Pi's services) (WARNING: This is publically visible and SHOULD NOT MATCH ANY USERNAMES BELOW)

• CasaOS username (this is the username you use to log into your Pi through a web browser)

• CasaOS password (this is the password you use to log into your Pi through a web browser)

• Nextcloud username (this is the username you use to log into your home server storage, and an alternative secure communication service)

• Nextcloud password (this is the password you use to log into your home server storage, and an alternative secure communication service)

• Databag username (this is your username for the secure communication app) (Important: Do not ever set your browser to autocomplete this username)
• Databag password (this is your password for the secure communication app) (Important: Do not ever set your browser to autocomplete this password)
• Databag admin password (this is your administrator password for the secure communication app)

IMPORTANT: None of these passwords should be the same as the others!

• Raspberry Pi hostname ([hostname].local is the name your Pi goes by when your computer talks to it)
• Raspberry Pi username (this is the username you use to log into your Pi through the terminal) (if you don't know what that is yet, don't worry)
• Raspberry Pi password (this is the password you use to log into your Pi through the terminal)
• Cloudflare email (this is the email you use for a free account with a service which lets you receive and manage your web URL)
• Cloudflare password (this is the password you use to receive and manage your web URL)

You will also need to record the following information during this installation. You should record this information somewhere offline, where you won't lose it.

• Your Raspberry Pi's local IP address
• Your network router's local IP address
• Your network router's global IP address

Note about notation:

• Text surrounded by square brackets [like this] indicates example text which should be replaced by something specific when you write it. You should also remove the square brackets when doing so.
• Text which appears in bold like this refers to information you should have already decided on or recorded somewhere, during a previous step. For example, Raspberry Pi hostname refers to the hostname you selected for your Raspberry Pi, in the list above.
• Text which appears highlighted like this refers to user inputs you must take, such as the name of a button you must push or text you must enter.

Click below to begin your self-hosting journey!

Next ->