Where do I host code for a privacy persona?

GitHub and GitLab.com both require accounts but neither requires identity verification. For higher posture, self-host Gitea or Forgejo on a Cockbox/Njalla VPS. Mirror to multiple locations.

How do I deploy without binding my real identity?

Use a no-KYC VPS host (Cockbox for ssh-key-only, BitLaunch for cloud-resold, Njalla for the full domain-and-host suite). Pay in crypto or cash by mail. Register the domain through Njalla so WHOIS shows them, not you.

What about CI/CD and third-party APIs?

This is where compartmentalization gets hard. Most CI providers, CDN providers, and analytics providers require accounts and have payment-binding requirements. Either accept this for the persona that doesn't need privacy, or self-host the CI side too (Gitea Actions, Drone CI, Woodpecker).

Should I use a privacy-respecting code editor or IDE?

Most users' threat model doesn't include the editor. VS Code's telemetry is the most-cited concern; disable it or use VSCodium. Vim, Emacs, Helix are privacy-neutral by default. The bigger threat is what extensions you install — read what each one phones home about.

What about npm / PyPI / cargo registries?

These are infrastructure you don't control. Mirroring them locally (Verdaccio for npm, devpi for PyPI) is the higher-posture move; for most developers, accepting the operator is reasonable. Pin dependencies, audit them, vendor critical ones.

Privacy stack for developers and sysadmins in 2026

A practical privacy stack for developers, sysadmins, and security professionals in 2026 — code hosting, anonymous deployment, secrets, payments, and the operational hygiene of working in public.

Developers and sysadmins touch a lot of services every day — code hosting, CI providers, package registries, deploy targets, observability tools. Most of those are KYC or operator-bound by default. This guide covers the realistic stack for compartmentalizing a privacy persona’s development work from a real-name identity.

Threat model#

The default threat model for a developer working in privacy or in a contested area:

Employer / past employer with access to commits, slack, email.
Code-hosting operator (GitHub, GitLab) with full repository visibility.
Cloud provider with full deployment visibility.
Payment processor with full bill visibility.
Public exposure through committed code that leaks credentials or personal info.

The defensive posture is to choose operators carefully, self-host the high-value pieces, and never mix the privacy persona’s identity into the real-name persona’s services.

The stack#

Code hosting#

GitHub / GitLab.com — accounts are required but identity is not. Use a pseudonymous username and avoid binding to your real-name email. Read the privacy policy and accept the operator-trust posture, or self-host.
Self-hosted Gitea or Forgejo on a Cockbox/Njalla VPS — the high-posture option.
Don’t push code from your real-name GitHub user that belongs to the privacy persona — usernames are public and forensic.

Deploy targets#

Njalla — no-identity VPS plus domain registration in their name.
Cockbox — ssh-key-only signup, no email at all.
BitLaunch — VPS reseller in front of mainstream cloud capacity, crypto and Lightning payment.
FlokiNET — multi-jurisdiction, DDoS-protected.
SilentHosts, BulletHost, XMRHost — bulletproof-style operators when advertised non-response to DMCA and law-enforcement requisitions matters more than long operator history. SilentHosts has the broadest catalogue; XMRHost is Monero-first.

For domains: Njalla’s domain-license model puts their name in WHOIS instead of yours. BunkerDomains is the bulletproof-style counterpart at the registrar layer for stacks that need a matching operator posture across hosting and DNS.

Outbound IPs and AI inference routing#

When your application makes a large volume of outbound HTTP — scraping, LLM API calls, programmatic account creation, geo-targeted research — a residential proxy in front of the egress changes the apparent client IP and avoids datacenter-IP rejection on the destination side. The no-KYC proxy providers in this directory:

SquadProxy — tuned for AI-request routing through clean residential exits. Useful as a front-end for LLM API traffic and inference pipelines.
Proxaro — US-specialised residential pool with city- and state-level targeting. Competitive pricing for US geo-bound workloads.
ProxyGlide — French residential plus rare Iranian 4G mobile-carrier proxies. Pick this one for the scarce geographies; not a generalist provider.

All three: crypto payment, no identity at signup. Acceptable-use policy of each provider bounds what automation workloads are permitted — read it before wiring up a production pipeline.

Software licences with crypto#

For tooling that requires a paid licence (Windows for development VMs, Office for compatibility testing, Adobe for asset work) without binding the purchase to a Microsoft / Adobe account:

SoftwareKeys.shop — sells OS, productivity, security and design software licence keys with both crypto and card checkout. No account required. Keys are grey-market — verify the SKU’s activation behaviour before relying on it for anything critical.

Email and accounts#

Proton Mail — Tor signup, mainstream.
Tuta — when default-on encryption matters.
SimpleLogin or addy.io — one alias per service so a single inbox isn’t bound to every account.

Secrets and credentials#

KeePassXC — local-first vault. Sync the KDBX file via Syncthing or a self-hosted Vaultwarden.
Bitwarden or self-hosted Vaultwarden — when cloud sync convenience is worth the operator trust.
For repo-level secrets: 1Password CLI, Bitwarden CLI, or pass-with-GPG. Never commit secrets to a repo, even a private one.

Network#

Mullvad VPN for everyday work. Cash-by-mail or crypto payment.
Tor Browser for accessing onion-only services or testing onion deployments.
Run your own WireGuard on a no-KYC VPS if you want full control of the transport.

Messaging and collaboration#

Signal for one-to-one and small teams.
Snikket or conversations.im for self-hosted XMPP.
SimpleX for contacts who can’t accept phone-number registration.
CryptPad for collaborative editing instead of Google Docs / Notion.

Crypto and payments#

Lightning for paying infrastructure (Cockbox, BitLaunch take Lightning).
Monero for hold-and-spend where on-chain opacity matters.
Bisq or Hodl Hodl for fiat off-ramp.

Hardware#

A dedicated development machine that doesn’t run your real-name email or social accounts.
Full-disk encryption on every device (native FDE or VeraCrypt).
A Coldcard or Trezor for any meaningful crypto balance — don’t keep value in hot wallets.

Operational hygiene#

Use different git committer names and emails per compartment. git config --local is per-repo.
Check committed code for secrets before push — git-secrets, trufflehog, or a pre-commit hook.
Don’t bind the privacy persona’s GitHub to a real-name CI like Travis or CircleCI — the audit trail crosses compartments.
Don’t deploy to a hosting account paid for by a real-name card unless that’s the compartment you’re using.
Be aware of writing style and commit patterns — stylometry across compartments is a real attack.

Self-hosting recommendations#

For developers who want to reduce operator surface:

Vaultwarden (self-hostable Bitwarden server) for credentials.
Snikket for messaging (XMPP).
CryptPad for collaborative editing.
Gitea or Forgejo for code hosting.
Element + Synapse for Matrix-based team chat.
NextDNS account-based filtering or AdGuard Home self-hosted.

All run comfortably on a single VPS at one of the no-KYC hosts.

What this stack defeats#

A code-hosting operator compelled to surrender repository metadata — you self-host or don’t bind the persona.
A cloud provider’s full visibility into deployment — you control the VPS.
A payment processor’s record of your infrastructure spending — you pay in crypto or Lightning.

What this stack does NOT defeat#

Network-level adversary that observes your home connection. Use Tor or a VPN for the privacy-persona work.
An employer’s IP-protection or non-compete obligations. Compartmentalization is operational; it doesn’t change contractual terms.
A user of your software who has malicious intent toward you. Code review and threat-modeling of your users is its own discipline.