system online · no logs · no tracking · no kyc tor: v3 ready
[never]kyc
login sign up →
root@neverkyc:/blog/njalla-vs-privex-vs-servury-anonymous-hosting-review$ cat post.md

Njalla vs Privex vs Servury: Anonymous Hosting Review

// by ~anon · 2026-05-31 · mock,auto-generated,en

Njalla vs Privex vs Servury: Anonymous Hosting Review

If you operate a Tor hidden service, a Monero remote node, a privacy-focused mail relay, or simply a personal blog you do not want tied to your civil identity, the choice of hosting provider is the single most consequential decision you will make. A server signed up with a Stripe receipt linked to your real name is a beacon, no matter how carefully you configure the operating system on top. In 2026, three names dominate every conversation about anonymous infrastructure: Njalla, Privex, and Servury. Each takes a different bet on what privacy means, where it should live, and how far a hosting company is willing to go when an abuse complaint or a subpoena lands in the inbox.

We bought time on each provider, tested the signup flow with Monero, mapped their stated jurisdictions, and compared what they will and will not hand over. This review is not a sponsored placement and does not chase any affiliate dollars. It is the kind of breakdown we wish existed when we first wired up our own infrastructure and discovered, the hard way, that "accepts crypto" and "actually anonymous" are very different claims. If you arrived here from MoneroSwapper while planning to pay with XMR from a recent swap, you are already most of the way to a usable threat model — the hosting decision is the next layer.

Why anonymous hosting still matters in 2026

The temptation, especially among newer users, is to assume that the major hyperscalers solved this problem. They did not. AWS, Hetzner, OVH, DigitalOcean, Vultr, and their peers all require either a verified payment method or, in many regions, an uploaded ID document before they will let you spin up an instance. Even where they accept crypto today, that crypto is usually routed through a custodial on-ramp that already linked your wallet to a passport scan. The hosting company does not have to know your name directly when their payment processor knows it for them.

2025 made the stakes painfully obvious. The European Union's MiCA regime moved into full enforcement, several jurisdictions began experimenting with so-called "infrastructure attribution" rules that ask hosting providers to keep customer-identification logs for at least eighteen months, and a handful of large data centres started pre-emptively dropping clients whose payment trail had any link to mixers or coinjoin services. The chilling effect was immediate. Operators of journalism backends, mesh-network gateways, harm-reduction sites, and ordinary self-hosted email began to look for providers that simply do not collect the information regulators want to pull.

  • Subpoena resistance: a host can only hand over data it actually possesses. Providers that never collected a phone number cannot disclose one.
  • Payment unlinkability: if your hosting bill is paid with Monero from a clean source, there is no card statement that connects a real-world identity to the server's IP address.
  • Jurisdictional friction: requests routed through Nevis, Iceland, or other non-MLAT jurisdictions take months to process and often die in transit.
  • Abuse-handling philosophy: the difference between a provider that forwards every complaint to you for a polite reply and one that kills your VPS within an hour is enormous.
  • Operational realism: uptime, IPv4 availability, and bandwidth caps still matter — privacy is not useful if the service is down half the time.

The three providers below were not chosen because they are the cheapest or the fastest. They were chosen because each has built a reputation, over several years, for actually defending the people on their network rather than treating customers as a liability. They differ sharply in style, jurisdiction, and price, and the right choice depends almost entirely on what you are trying to do.

The three providers, in depth

Njalla — the Swedish provocateur with a Caribbean shell

Njalla launched in 2017 under the leadership of Peter Sunde, one of the co-founders of The Pirate Bay, and quickly became the reference point for anonymous domain registration. The clever trick at the core of Njalla is that the company itself is the legal owner of every domain it registers; the customer is granted a usage license. This means the WHOIS record points at Njalla, not at you, and any legal demand for the underlying registrant runs into the company's own counsel before reaching anything that could identify a human.

What started as a domain proxy quickly grew into a hosting brand. Njalla VPS, launched in subsequent years, runs on infrastructure in the European Union and offers KVM virtual machines billable in Monero, Bitcoin, Bitcoin Cash, Litecoin, Zcash, Dash, and a handful of fiat methods. The signup flow requires only an email address, and the company famously suggests you use a disposable one. There is no phone-number verification, no government-ID upload, and the support ticket system treats you as an account number rather than a person.

Pricing in 2026 starts around the low double digits in euros per month for an entry KVM, scaling to dedicated allocations for higher-tier customers. The platform is opinionated: you get a fairly standard panel, a console, and the freedom to install almost anything, but the catalogue of templates is deliberately small. Njalla's stance on abuse complaints has been consistent for years — they treat DMCA notices as opinions, not orders, and forward them rather than acting on them automatically.

Privex — Belize-incorporated, performance-leaning

Privex Inc. is registered in Belize and operated by a small team with deep roots in the Hive and Steem ecosystems. The brand has been around since 2017 and has built a steady reputation for being one of the most flexible hosts in the privacy market. They run dedicated and virtual servers in Sweden, the Netherlands, Germany, the United States, and Finland, with custom-built management tooling that lets a customer reinstall, mount custom ISOs, and access an out-of-band console without ever talking to support.

Payment options are wide. Privex accepts Bitcoin, Monero, Litecoin, Hive, HBD, EOS, and several other cryptocurrencies natively, and unlike many privacy hosts they also accept fiat in select jurisdictions for customers who do not need anonymous payment but still want the privacy-friendly operational culture. The signup form asks for an email and a chosen username. Real-name fields exist but are not validated, and the company has stated publicly that they do not retain payment metadata beyond what is required for accounting.

What sets Privex apart in practice is the engineering culture. Their staff are visible on community channels, post detailed post-mortems when things break, and ship features (like custom ISO mounting and full IPMI on dedicated nodes) that bigger anonymous providers often skip. Their pricing on dedicated hardware tends to undercut Njalla's VPS prices for similar resource footprints, especially if you need substantial bandwidth or a custom kernel.

Servury — the Monero-only newcomer

Servury is the newest entrant on this list and the most ideologically pure. The provider accepts only Monero, full stop, and built its onboarding flow around the assumption that you already have XMR in a wallet and know how to send a transaction. There is no fiat lane, no Bitcoin lane, and no escape hatch for someone who does not want to learn how Monero works. For an audience that values fungibility and unlinkable payments above all else, that is a feature.

The company runs VPS and dedicated infrastructure in several European data centres, with a focus on jurisdictions whose data-retention obligations on infrastructure providers remain lighter than the EU average. The signup flow asks for an email, generates an invoice with a subaddress, and provisions the machine within minutes of the second confirmation. There is no human review in the path; the company's threat model assumes operators want to deploy quickly and re-key frequently.

Because Servury is newer, the tooling is leaner than Privex's and the brand has less of a public reputation than Njalla's. The trade-off is responsiveness and ideological alignment: support replies are quick, the abuse policy is short and to the point, and the team has been willing to publish technical detail on how they handle takedown requests. For users who already swap into Monero through services like MoneroSwapper and want the entire stack — payment, hosting, and operations — to live inside the Monero economy, Servury is the cleanest fit.

Head-to-head comparison

The table below summarises the practical differences between the three providers as of early 2026. Specific prices change frequently; the comparison focuses on policy and capability, which move more slowly.

Dimension Njalla Privex Servury
Corporate jurisdiction Saint Kitts and Nevis Belize Europe (operational); registered offshore
Data centre locations EU (Netherlands and partners) SE, NL, DE, US, FI Multiple EU locations
Accepted payment Monero, Bitcoin, BCH, LTC, Zcash, Dash, fiat Monero, Bitcoin, Hive, HBD, LTC, EOS, fiat in some regions Monero only
Identity data collected Email only Email + username Email only
WHOIS proxy on domains Yes — provider is registrant Standard proxy via third-party registrar N/A — hosting only
Abuse handling Forward and consult Forward, defend, terminate on confirmed illegality Short policy, fast response
Custom ISO support Limited templates Yes, including BYO ISO Standard template set
Public reputation lifespan Since 2017, very strong Since 2017, strong in privacy circles Newer brand, building track record
Best fit Sensitive domains + standard VPS workload Demanding workloads, dedicated boxes, custom kernels Monero-native operators, simple workloads

Three patterns jump out of the table. First, Njalla is unique in combining proxy domain registration with hosting in one billing account, which simplifies operational hygiene if your project owns its own domain. Second, Privex is the most flexible from a pure systems-administration standpoint and is the only one that openly serves United States locations alongside privacy-friendly European ones. Third, Servury makes the cleanest break from the fiat economy by accepting only Monero — that is either a hard requirement for you or a non-starter.

A useful rule of thumb: if a single subpoena could connect your hosting bill to your bank account, the rest of your privacy stack is theatre. Fix the payment trail first, the operating system second.

What none of them can save you from

It is worth saying explicitly: none of these providers will protect you from your own operational mistakes. A perfectly anonymous VPS, paid in Monero from a freshly swapped wallet, running a service that logs in to your personal GitHub account on first boot, is no longer anonymous. None of the three will save you from an SSH key reused across machines, from logging into a Tor service over clearnet, or from connecting a phone-tethered hotspot to your home Wi-Fi. The host's job is to keep the front door clean. Everything behind that door is yours.

How to evaluate and pay for an anonymous host

Pretty much every meaningful decision you make here happens before the invoice is generated. Once the bill is paid and the VM is provisioned, your room to manoeuvre shrinks dramatically. The following sequence is the one we follow internally when standing up a new server we do not want tied to a real identity.

  1. Write down the threat model in plain language. "I do not want my neighbour to know I run this" is a different problem from "I do not want a state actor to enumerate the people who maintain this service." The provider that fits the first does not necessarily fit the second.
  2. Source the Monero. Buy XMR through a no-account swap path — MoneroSwapper or a comparable service — using funds that have no on-chain connection to a KYC exchange withdrawal in your name. Wait the recommended ten confirmations before treating it as spendable.
  3. Sit on the coins for at least a day before sending them to the hosting invoice. This is not strictly necessary thanks to the fundamental privacy of the Monero protocol, but it helps reduce timing correlation in the rare case where someone is watching both ends of the transaction.
  4. Open the hosting signup using Tor or a trusted VPN whose payment trail is separate from any identifier you control. Use an email address created for this purpose alone, ideally on a provider that does not require a phone number.
  5. Pay the exact invoice amount from a fresh subaddress generated inside your wallet. Do not reuse subaddresses across hosting providers, especially across providers with different jurisdictions.
  6. When the server is online, harden the operating system before connecting any service you care about. Disable password SSH, install only the keys you generated for this machine, and verify the kernel and firmware versions against upstream.
  7. Plan for the rotation. Anonymous infrastructure ages badly. Decide in advance how often you will rebuild from scratch — many operators we respect cycle every six to twelve months — and how the rotated payment trail will look.

Most operators who get burned skip step one or step seven. They pick a provider on price, run a server for two years, and discover only when something goes wrong that their threat model and their actual setup never matched. Writing the threat model down and revisiting it on a schedule is unglamorous and saves enormous amounts of grief.

Case study: a journalism backend in 2025

To make this concrete, consider a small team running a tip-line for an investigative outlet in a country where source protection is contested in court. They need a server that hosts an onion service, a SecureDrop-style upload, and a small relational database that never leaves the box. Their threat model includes both opportunistic attackers and the possibility of a formal legal request aimed at exposing their sources.

For that team, Njalla is a strong choice for the public-facing domain, because the registrant masking is genuinely useful. Privex makes sense for the heavy lift — a dedicated machine with a custom kernel and full disk encryption supported by IPMI, paid for in Monero, located in a European jurisdiction with a long track record of resisting blanket data-retention demands. Servury could be useful as a secondary, throwaway VPS for the onion entry point, deliberately separated from the main backend so that a compromise of the entry node tells an attacker nothing about the database host.

The key insight here is that the three providers are not competing for the same workload. They are complementary, and a serious operator will often run pieces of their stack on different providers precisely so that no single subpoena, breach, or policy change can take down the whole thing. The thirty extra dollars a month it costs to split the stack across two providers is by far the cheapest insurance you can buy.

FAQ

Is paying for hosting in Monero actually private if I bought the Monero on a KYC exchange?

Less than you might hope. The first leg of the transaction — your fiat purchase — is on file with the exchange, and many exchanges share withdrawal records with chain-analysis vendors. The Monero protocol itself hides the amount, the recipient, and the sender at the network level, but timing analysis and balance correlation can still narrow down candidates. The robust pattern is to swap into Monero through a no-account path such as MoneroSwapper, let the coins settle, and only then spend them on infrastructure. That breaks the on-chain link without depending on any custodian's promises.

Can any of these providers see the contents of my server?

Technically yes, in the same sense that any host with physical access to the hypervisor can in principle introspect a virtual machine. The mitigation is full-disk encryption with a passphrase that is entered at boot through the console rather than stored on the machine, combined with reboot discipline. For threat models that include a hostile data-centre operator, dedicated hardware with self-encrypting drives and a TPM, paid for through Privex or a similar provider, is a meaningful upgrade over a shared VPS.

What happens if my anonymous host receives an abuse complaint about my service?

Practice varies. Njalla famously treats complaints as opinions and will usually forward them to you for a response, defending the underlying service unless ordered otherwise by a court with actual jurisdiction. Privex publishes a clear policy and tends to defend customers vigorously against unfounded claims while terminating service for confirmed illegality. Servury keeps the policy short — they will forward, ask for a reply, and act only when legally required. None of the three will terminate your account at the first whiff of a DMCA-style notice, which is the most important property.

Are there cheaper anonymous hosts I should also consider?

Yes, but with caveats. There are smaller providers that accept Monero and ask only for an email, and many of them work fine for low-stakes workloads. The reason the three reviewed here keep coming up in serious recommendations is reputation accumulated over years of public conflict with rights-holders, regulators, and law enforcement. A provider you have never heard of might be exactly what they claim to be, or might be a honeypot. The unglamorous but correct advice is to start with the established names and only diversify when you understand exactly why you are doing so.

Does using Tor to reach my anonymous server provide extra protection?

It provides different protection. Tor hides your IP address from the server and the server's network operator, which matters if those parties might be willing to log inbound connections and correlate them later. It does not hide the server itself, and it does not protect against an attacker who has compromised the server. Combine Tor for administrative access with a non-Tor public endpoint only if your threat model requires the public endpoint at all. For internal-only services, an onion-only deployment is often the cleaner choice.

How often should I rotate the server, the payment trail, and the keys?

There is no universal answer, but a reasonable baseline is every six months for low-stakes workloads and every three months for anything sensitive. Rotation means provisioning a fresh machine with a fresh payment, migrating the data, validating the new host, and then destroying the old one with disk wiping enabled. Many operators automate the deployment side and treat the payment as the only manual step. The discipline matters more than the cadence.

Conclusion

There is no single best anonymous host. There is the host that best fits the workload you are running and the threat model you actually have. Njalla is the safest default for a project that needs a recognisable domain to live behind a strong proxy. Privex is the right choice when you need real systems-administration flexibility and want a provider with a long technical track record. Servury is the cleanest fit for an operator who has decided Monero is the only payment rail they trust and wants the entire billing relationship to live inside that ecosystem.

If you are starting from scratch in 2026, the highest-impact change you can make is to fix the payment trail before you fix the operating system. Swap into Monero through a no-account path like MoneroSwapper, let the coins settle in a wallet you control, and only then go shopping for infrastructure. Once that single leg is clean, the choice between these three providers becomes a comfortable engineering decision rather than a desperate retrofit. Pick the one whose philosophy matches yours, run it for a season, and revisit the comparison when something about your threat model changes — because something always does.

← back to blog