irotsoma

Thanks for the correction, that was a typo based on a long work day screwing with my brain processing acronyms. I meant to say DNS over TLS or DNS over HTTPS.

No. I don’t use DoH inside my network because I redirect DNS traffic on my primary VLAN to a pihole for ad and malware reducing. But I also control what has access to that VLAN pretty strictly. I have another VLAN for guests and untrusted devices that doesn’t use the redirecting, but does use the Unbound server as the default DNS, just doesn’t enforce it. And I have an even more locked down VLAN for self-hosted servers that also doesn’t use the pihole, but does use Unbound.

I use a local unbound DNS server on my router with Quad9 as upstream. I actually have google DNS entirely blocked/rerouted on my router because google uses it for advertising tracking, but I get creepers out by targeted ads showing up in random places when I do do something on a totally unrelated site. Most important thing, though, is to use DNSSEC DNS over TLS or DNS over HTTPS to reduce middlemen from using your DNS info to track what sites you visit and sell that data. Of course ISPs still see the destination of all of your data for tracking what sites you visit unless you use a VPN or similar tools, so you can’t hide it from them that way.

Edit: DNS over TLS not DNSSEC, totally different thing…

Matrix isn’t more secure/private than Signal. Both have advantages and disadvantages. Signal has a centralized server, but has no access to the keys to decrypt any of the data flowing through them. Matrix chat rooms live on servers that would theoretically be able to access the data in the rooms, so you need to trust the server owners. Advantage is that multiple servers are involved so no one sever can kill your chat room. With Signal, the disadvantage is if you join a chat room, you can’t see any past messages because those are encrypted with keys you don’t have access to. Similarly if you move to a new device, that device won’t have any of your past conversations because the new device doesn’t have the keys for those messages. (though migration is now somewhat possible but done poorly IMHO).

So, they address different concerns. Is your concern keeping your conversations private, or keeping your conversations from being censored? Signal is more secure and private, but more centralized and easier or to fail. Matrix can be secure if you host your own server or explicitly trust the owners of all servers that house your chatrooms to keep them secure and to not sell their servers in the future. Matrix is more distributed, so more difficult to be censored or have your data lost by a single point of failure.

Is it “secure enough” depends on what your concerns are. If you host your own, then it’s as secure as you are technically able to keep them secure yourself. Otherwise it depends on the server owner.

Servers are always going to be owned by someone. But the data is encrypted with keys not available to the server. Signal isn’t perfect, and I don’t like some stuff they do, but it’s the best design out there that is also relatively user friendly and doesn’t have holes that are easy to exploit by the server owner.

Yeah, the system was on a single server at first and eventually expanded to either a docker swarm or Kubernetes cluster. So the single server acts as both a docker host and an NFS server.

I’ve had this happen multiple times, so I use this pattern by default. Mostly these are volumes with just config files and other small stuff that it’s OK if it’s duplicated in the docker cache. If it is something like large image caches or videos or other volumes that I know will end up very large then I probably would have started with storage off the server in the beginning. It saves a significant amount of time to not have to reconfigure everything as it expands if I just have a template that I use from the start.

Most advertising links are routed through click tracing sites so that they can add some tracking information about what advertising campaign brought the user there and what that user does while on the site among other tracking data. In the rare cases i want to see something from an email, I never click on links, I always copy the URL being displayed and paste it. You can get email clients that have settings to warn you about this or that will automatically use the displayed link and ignore the anchor link.

Unlikely at least in the near future. The remnants of Dodd-Frank and anything that Biden did are high on the list for Trump’s chopping block.

I use NFS shares for all of my volumes so they’re more portable for future expansion and easier to back up. It uses additional disk space for the cache of course, but i have plenty.

When I add a second server or add a dedicated storage device as I expand, it has made it easier to move with almost no effort.

I think mailcow only supports Pushover for notifications, but it may have changed.

Signal is the easiest with true end to end encryption with keys stored on the endpoints only.

Not OP but I left because of the proposed change in moderation policy to allow “free speech” that basically would negate the anti-hate-speech policy.

There’s some concern now that Startpage is majority owned by an ad company. The company says they want the ad revenue rather than the user data, but it’s hard to trust that. I used to use it but moved to Searxng.