← Articles

Deploy a Privacy App on a No-KYCKnow Your Customer rules require users to submit identity information such as passports, selfies, addresses, or phone numbers before accessing a service.Glossary → VPS

GUIDEHostingOPSECOperational security is the practice of minimizing information leaks across behavior, devices, accounts, payments, and routines that can expose identity or intent.Glossary →Updated March 2026~10 min read

Render.com, Vercel, Netlify, and Railway make deployment easy. They also sit under US law. They know who you are, how you paid, and what you deploy. If you build a privacy app, hosting is part of the product. This guide covers four no-KYC VPS providers that take Monero, then walks through a Node.js / Next.js deploy with PM2 and Caddy.

Prerequisites
  • Monero wallet with funds (Feather Wallet on desktop or Cake Wallet on mobile)
  • A domain registered through Njalla or another privacy-respecting registrar
  • Basic Linux comfort: SSH, file editing, running commands
4
Vetted no-KYC providers
cunicula.com review 2026
0
IDs required (Njalla/FlokiNET)
Provider policies 2026
~$5
Entry VPS / month in XMR
Provider pricing 2026
IS/RO/NV
Best jurisdictions
Iceland / Romania / Nevis

Provider Comparison

FIG. 2No-KYC VPS providers - jurisdiction, XMR acceptance, Node.js support
FactorFlokiNET1984 HostingNjallaFrantech
JurisdictionIceland + RomaniaIcelandNevis (Caribbean)Canada / EU
Accepts XMR
DMCA-ignored-
Node.js VPS
Domain proxy--✓ (Njalla name)-
No real namePartial
Entry price/mo~$5~$4~$15~$5
Five EyesNoNoNo (Nevis)CA (EU nodes)

FlokiNET

Iceland and Romania. Takes XMR and BTC. Long record with privacy-focused customers. Iceland is outside Five Eyes. Romania adds jurisdictional spread. A solid pick for production if you want uptime and support.

1984 Hosting

Iceland. Named after Orwell. Cheap entry point, with shared hosting under $4/month and VPS plans from $6. Takes crypto. Used by activists and journalists. Smaller than FlokiNET, but clear about what it stands for.

Njalla

Founded by Peter Sunde. Registered in Nevis. Njalla registers domains in its own name for you, so your identity does not appear in WHOIS. It also sells VPS plans and takes XMR. If you want the domain and server under one pseudonymous setup, Njalla does both.

Frantech / Servers.guru

Canadian company with EU nodes. Good reputation. Takes crypto. Canada is in Five Eyes, so account for that. EU nodes can still keep data outside Canada. Good value if you want compute without Iceland pricing.

Pay with a card or bank transfer and you lose privacy at the hosting layer. Use Monero. Bitcoin is pseudonymous but traceable. If it came from a KYC exchange, the trail can be followed. XMR from a no-KYC source is the cleaner choice.

Server Setup

After you provision the VPS, lock it down before you install anything. Ubuntu 22.04 LTS is a safe default.

Initial hardening

  1. SSH in with your key: ssh root@YOUR_IP
  2. Create a non-root user: adduser deploy && usermod -aG sudo deploy
  3. Copy your SSH key to the new user: ssh-copy-id deploy@YOUR_IP
  4. Disable root SSH and password auth in /etc/ssh/sshd_config: set PermitRootLogin no and PasswordAuthentication no
  5. Restart SSH: systemctl restart sshd
  6. Enable firewall: ufw allow 22 && ufw allow 80 && ufw allow 443 && ufw enable
  7. Install fail2ban: apt install fail2ban -y

Install Node.js and PM2

Next.js needs Node.js. Use the NodeSource repo for a current LTS release:

  1. curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
  2. apt install nodejs -y
  3. npm install -g pm2

Deploy the application

  1. Clone your repo (from Codeberg or a private git server): git clone https://codeberg.org/USERNAME/REPO.git /var/www/app
  2. Install dependencies: cd /var/www/app && npm ci
  3. Build: npm run build
  4. Start with PM2: pm2 start npm --name "app" -- start
  5. Persist across reboots: pm2 startup && pm2 save

PM2 runs Next.js on port 3000 by default. Caddy proxies ports 80 and 443 to 3000 and handles TLS for you.

Install Caddy and configure HTTPS

  1. Install Caddy from the official repo (see caddyserver.com for current instructions)
  2. Create /etc/caddy/Caddyfile:
    yourdomain.com {
  reverse_proxy localhost:3000
}
  3. Start Caddy: systemctl enable caddy && systemctl start caddy

Caddy gets a Let's Encrypt certificate and renews it for you. Your app is live on HTTPS with no manual cert work.

Ongoing Operations

  • Deploy updates: cd /var/www/app && git pull && npm ci && npm run build && pm2 restart app
  • View logs: pm2 logs app
  • Monitor: pm2 monit
  • Automatic security updates: apt install unattended-upgrades -y && dpkg-reconfigure unattended-upgrades
This stack gives you a working Next.js app without exposing your identity at every layer. No Vercel account. No AWS billing. No GitHub. The weak point is the Let's Encrypt request, which puts your domain in public CT logs. That is standard TLS. If that matters, run a TorThe Tor network uses onion routing to obscure IP addresses and browsing paths by relaying traffic through multiple volunteer-run nodes.Glossary → hidden service (.onion).

Follow the Money

AWS, Azure, and GCP pull in $90B+ a year from US government contracts. The no-KYC hosts on this list are small, bootstrapped, and built on different incentives.

← PreviousPrivate DNS Setup Guide: Stop Your ISP Logging Your VisitsNext →Pro-Israel Lobby Money and Politicians: The US, UK, and Australia Documented

Related