How to deploy own Speakeasy server

• Deploy own Speakeasy
  • Deploy in the cloud
  • Deploy at home
  • Deploy on home ARM device
  • Using Speakeasy with Tor Browser and Tor Socks 5 proxy
  • Other ways to improve privacy and security when using Tor Socks 5 proxy security
• Using Cloudflare with Speakeasy
• Browser privacy
• Take-aways

Deploy own Speakeasy ¶

Normally Speakeasy server you connect to knows your IP (and browser details, etc.) and not much else.

Speakeasy accounts aren’t tied to server instances, so you can connect to different servers - as long as they’re not compromised - to lessen the chance of tracking.

But “they” can still track you by monitoring connections to xx network gateways (endpoints), so hiding your IP from the server doesn’t help much.

Still, there are several ways to marginally improve privacy when using Speakeasy.

Every user can run their own Speakeasy server.

Speakeasy server just lets you download the Speakeasy app that runs in the browser app, so it’s a trivial workload.

Deploy in the cloud ¶

Unless you think “they” could hijack your VM, compromise the code and gain access to your chats that way, running Speakeasy in the cloud is a good option.

It works fine in a small 1GB VM. Like I said, all it does is lets you download the app.

But in my opinion there’s no reason to spend that money unless you use the cloud VM for other things you need (which lowers the cost, but increases the risk of the server getting hacked).

The only reason to run Speakeasy in your cloud VM that I can think of is for your group of friends, or community. That way they don’t have to install their own or access some 3rd party server. As long as you can secure a Web server, it’s a cheap way to save your friends time and protect everyone’s IP address privacy.

Deploy at home ¶

Speakeasy can be deployed in Docker on your own computer, whether it’s Windows, Linux, OS X or something else.

How does it work? You deploy Speakeasy container and access Speakeasy at https://localhost.

I tried this with v0.12 which didn’t have HTTPS, but I’m not sure if that would work with v0.13 and v0.2.0 (released on Jan 18, 2023).

Deploy on home ARM device ¶

If you have a small ARM64 device with 500MB of free RAM, chances are Speakeasy can run there, either containerized or “bare metal”.

Because it now uses HTTPS, it’s a good idea to put a proxy in front of it, and set it up with Let’s Encrypt TLS certificate, so that Speakeasy becomes accessible to you when not at home.

You can also share this to your friends and optionally protect access with simple Basic Authentication so that only your friends can access Speakeasy. This isn’t to save the bandwidth (as I already mentioned, the client only downloads the app) but to protect your Speakeasy from attacks.

Using Speakeasy with Tor Browser and Tor Socks 5 proxy ¶

Do you need this? Probably not. Is it a good idea? Probably yes.

You don’t need Tor for Speakeasy, but you may need Tor if you click on links shared over Speakeasy.

• Tor Browser: doesn’t work, don’t try
• Tor Socks 5 proxy: this works fine, so let’s discuss this scenario

The way to make this work is:

• Start Tor network and run Tor Socks 5 proxy
• In another (not Tor Browser) browser, create a new profile and in that profile make it use Socks 5 proxy at localhost:9050 or LAN IP you’re running Tor at
• Optionally, exclude your home Speakeasy instance (pi4.local, 192.168.1.2, or whatever it is) from being proxied. There’s no need to proxy that

Other ways to improve privacy and security when using Tor Socks 5 proxy security ¶

To better protect your privacy when using content shared in Speakeasy:

• Run Tor Socks 5 proxy in a VM or container
• Ensure DNS resolution isn’t leaking (there are online tools that let you test that)

Using Cloudflare with Speakeasy ¶

Whether you run Speakeasy in the cloud or at home, you can protect it from attacks and add TLS by proxying it with Cloudflare. I blogged about that here.

Privacy purists usually say this way you give up privacy because Cloudflare knows IP addresses of all people who access Speakeasy through it, but I think that’s not a bad thing because who connects to xx network can be monitored without Cloudflare by monitoring source of connections to gateways (unless that source are Tor exit nodes that the US government does not operate.)

So my recommendation to most users would be: go ahead and use Cloudflare.

Browser privacy ¶

• Create a dedicated browser profile without add-ons/extensions for use with Speakeasy
  • Some people recommend to run the browser and Tor Socks 5 in the same VM which is smart if you need to go an extra mile for highest security. In any case, check for DNS leaks
• Do not clear browser cache on every exit if you don’t want to load the identity file (JSON) on every restart. If you don’t mind to do that, you may clear browser cache but then you have a new challenge, which is to properly protect your JSON profile file and use a complex password and not just 10 letter password most people set

Take-aways ¶

If you use Speakeasy on a regular basis, it is highly recommended to deploy Speakeasy at home and protect it with Cloudflare proxy.

Then, using it in conjuction with Tor Socks 5 proxy is desirable if you plan to click on links shared by people you don’t know. If you do that, take measures to prevent DNS leaks may be desirable as well.