Privacy-First Web

What's in this pack

This pack collects the six self-hostable privacy frontends that, together, replace Google search, the Twitter web, the YouTube web, and the dying RSS-reader market — without ever sending click data to the underlying platforms. Every entry is open source, runs in Docker, and works behind your existing reverse proxy.

The six split into two roles: SearXNG, FreshRSS, and Miniflux are the intake layer (where you discover and queue content); Invidious, Nitter, and Piped are the consume layer (how you actually read or watch without scripts and trackers).

Why a privacy-first web stack matters

Search and social platforms have become ad networks first and content services second. Every Google query, YouTube watch, and Twitter scroll is a fingerprint sent back to the platform's ad ML. That's not a paranoid take — it's stated openly in the privacy policies. The privacy-first web stack offers three escapes:

• No fingerprinting at the platform. SearXNG sends queries to multiple upstream search engines from a single IP (yours, or a VPN's). The platforms see one IP and no cookies. Your search history doesn't accumulate on any single account.
• No tracking pixels in your reading flow. Invidious and Piped strip the YouTube embed of its tracker pixels. Nitter does the same for Twitter. You see the content, not the analytics.
• You control retention. FreshRSS and Miniflux keep your read history on your server for as long as you want, and let you export OPML at any time. Feedly's free tier limits feed counts and history retention; here, the limits are your disk size.

The cost is operational: you must keep the proxies up, refresh API tokens (Nitter and Piped occasionally need fresh upstream credentials), and accept that some content silently breaks when YouTube or Twitter ships an upstream change. Plan for a one-hour-a-month maintenance window.

Install in one command

# Install the entire pack
tokrepo install pack/privacy-first-web

# Or pick the frontends you actually use
tokrepo install searxng
tokrepo install freshrss
tokrepo install invidious

The TokRepo manifest provides a Docker Compose with shared Postgres, a Redis cache for SearXNG result aggregation, and a Caddy reverse proxy with automatic TLS. Add your domain, run docker compose up -d, and the stack is browsing-ready.

Common pitfalls

• Invidious / Piped instances get rate-limited. YouTube's anti-scrape measures hit any single IP that fetches too many video manifests. Configure rotating upstream proxies or accept that your single-user instance will hit transient errors during heavy days.
• Nitter authentication churn. Twitter changes its guest API regularly. Nitter requires fresh guest tokens every few weeks. Pin a Cron job to refresh them or accept that Nitter will go down silently.
• SearXNG result quality depends on engines enabled. Default settings include too many low-quality engines. Curate the engine list to Google + Bing + DuckDuckGo + a regional engine for your locale; the rest add latency and noise.
• FreshRSS feed bloat. Add 200 feeds and the per-load fetch cycle becomes minutes long. Cap feeds to active sources and use FreshRSS's built-in archiver for sources you read monthly.
• Reverse proxy CORS gotchas. Invidious player embeds will fail if the reverse proxy doesn't pass through the right headers. The TokRepo Caddy template fixes this; if you bring your own proxy, replicate the CORS rules from our docs.

When this pack alone isn't enough

Privacy-first web is one half of a privacy stack. The other half is what runs when you click. If you summarize articles with ChatGPT, you've reintroduced the tracking you just removed. Pair this pack with Run LLMs Locally for offline summarization, and with AI Second Brain to make your reading history queryable without ever leaving your network. For productivity-app privacy (docs, files, calendar), see the Self-Hosted Productivity Suite pack.