I don’t see how exposing only port 443 (and port 80 for Let’s Encrypt renewals) makes much difference.
If you are really concerned, buy a VPC from a large cloud provider, install an HTTPS server proxy, and configure your web browser to use it. A 512MB RAM server will be sufficient as long as it is given enough CPU. The free Google instance suffers from low CPU, not memory.
This way the link between you and your internet provider is obscured. Your IP will be shared with others by the cloud provider, so you get some obfuscation on that end.
If you use your own certificate authority, then you will get 100% man-in-the-middle protection for the link between your internet provider and your home. If you use Let’s Encrypt, then we don’t know that status.
The advantage of this model is speed.
Your browser is still fingerprintable, as always.
Securing DNS is its own topic.
You shifted your identity to the cloud provider, so it is never 100% safe.
Forget about “we keep no logs” VPN statements. A judge orders it and you are logged by the VPN provider without knowing it. So what are you paying for? Slow speed and obfuscation of IP?
Fingerprinting bypasses all your efforts.
What does a VPN hide that HTTPS can’t hide for a media server?
I am looking at the scenario of listening to my music collection on a self-hosted Jellyfin server.
The IP address of my phone? That’s irrelevant.
HTTPS is way faster than a VPN.
Kualk@lemm.ee to Technology@lemmy.world • Crypto exchange Bybit says a hacker took control of one of its cold Ethereum wallets, resulting in what analysts estimate was the loss of ~$1.5B worth of tokens (English) · 14 · 5 months ago
That’s a room-temperature wallet. It was used while claiming the asset was unused.
It is not cold storage anymore.
The owner is spending all resources on AI, neglecting actual search.
There was something else, but I forgot.
I’ve been disappointed by many and don’t trust the commercial space.
Dig around and you will find not-so-pleasant information on DDG and Kagi. I suspect the same is true for any business-backed search.
I used both and eventually ran into negative information, which made me reconsider both. I started with DDG, then Kagi.
It is SearXNG all the way for me now and there are no regrets so far. The other post on it is the best option.
It is an ad in disguise for a commercial project.
Kualk@lemm.ee to Privacy@lemmy.ml • Is using an Matrix account from matrix.org private and secure enough to talk with my family members and people in general? · 67 · 6 months ago
I think there is a campaign to get people to use Signal, while the servers are proprietary and other things are questionable.
It is a great operation for convincing the majority.
Gogs is what became Gitea, which is what became Forgejo. The fork history is a bit complicated.
But if Gogs works for you, no need to change.
I just ran into a problem of Gogs not working well in Podman containers. I looked at Forgejo and it appears to have rootful and rootless setup configurations in Docker. Gogs runs well for me as a native Arch Linux service, but not so well under containers.
https://gogs.io/docs user here. I don’t remember why. It works.
Kualk@lemm.ee to Privacy@lemmy.ml • SimpleX > Signal; Matrix for privacy and anti-censorship · 30 · 7 months ago
There are more topics to cover than just encryption. Less on encryption, more on other topics.
Is it P2P or a server model? I happened to look it up and it seems to use a server as intermediary.
Is the server side open sourced? Who is running the servers? How does the client choose the server to connect to? If the hop server is tracking data, what will it see?
With all that end-address obfuscation, how user friendly is establishing a connection with a friend?
Kualk@lemm.ee to Technology@lemmy.world • Devs gaining little (if anything) from AI coding assistants (English) · 52 · 10 months ago
We always have to ask: what language is it auto-completing for? If it is a strictly typed language, then existing tooling is already doing everything possible and I see no need for additional improvement. If it is a non-strictly typed language, then I can see how it can get a little more helpful, but without knowledge of the actual context I am not sure it can get a lot more accurate.
Cargo is heavily used.
Your tutorial is the odd one.
Kualk@lemm.ee to Privacy@lemmy.ml • [Guide] 🔏 Digitally sign and send encrypted emails with S/MIME (English) · 2 · 10 months ago
https://www.latacora.com/blog/2019/07/16/the-pgp-problem/ is a good summary of the issue.
A good counter discussion about PGP security:
https://www.reddit.com/r/cryptography/comments/10cfslk/exactly_how_strong_is_pgp/
I would argue that Latacora could be an attempt to push users into the systems that provide a 3rd party service, which by definition of a 3rd party service is not secure: WhatsApp, Signal.
Only true P2P can be safe. PGP provides the ability to send an encrypted message using any means necessary: FTP, HTTP, anonymous services, USB sticks, anything.
Kualk@lemm.ee to Privacy@lemmy.ml • [Guide] 🔏 Digitally sign and send encrypted emails with S/MIME (English) · 1 · 10 months ago
Why encrypting mail in general is bad: https://www.latacora.com/blog/2020/02/19/stop-using-encrypted
The point about email leaking metadata is 100% spot on.
The argument why Signal is better is very short and not substantiated IMO.
Kualk@lemm.ee to Privacy@lemmy.ml • [Guide] 🔏 Digitally sign and send encrypted emails with S/MIME (English) · 4 · 10 months ago
Be aware that a trusted Certificate Authority (CA) configuration applies to ALL certificates issued by that CA. Thus, if one elects to trust the “actalis” CA, then they trust ALL actalis CA users.
If the process of obtaining a certificate was extremely simple and easy and did not involve identity verification steps, then bad actors can take advantage of this process and create identities that your client application will trust.
By itself the bad actor’s identity is of little concern to anybody, but it can have a significant impact if the trusted identity is used in spam filtering, exploits of email client bugs or other hack attempts. Trusted users may be given a higher access privilege at the client application level, which may be just enough for a hacker to gain the required access. For example, the client application may be configured to trust all trusted senders with MIME attachments. An unknown trusted user sends a malicious application as a file attachment. An accidental double click launches the application without an “are you sure?” prompt. Congratulations, the machine is pwned.
The problem is easily mitigated by not importing the root CA of such easy CAs.
Kualk@lemm.ee to Privacy@lemmy.ml • [Guide] 🔏 Digitally sign and send encrypted emails with S/MIME (English) · 2 · 10 months ago
What I take issue with actalis is that they don’t just sign your private key, but you actually get the private key from them. It then depends on how much you trust the issuer.
By definition, that key can no longer be considered “private”.
It is very important to emphasize that the key in this model is not “private” anymore. Thus, all the communication using this key is not secure anymore.
A private key is one generated by hardware owned by the user and immediately secured with a strong password. Ideally, the private key does not leave the hardware that generated it. Thus, every device shall have its own private key.
In a less restricted model, the private key gets copied by the user to other hardware using media like a USB stick or a P2P communication model that does not use cloud services.
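The two S/MIME comments above make two points: the CA should only ever receive your public key, and a CA root should be imported only deliberately because trusting it trusts every certificate it issued. The constructed session below is an added example, not code from this thread or from any CA: it generates a passphrase-protected key locally, shows the CSR carries no private key, and checks that a certificate from a CA that was never imported fails verification. It assumes the openssl CLI; every name, file and passphrase is made up.

```shell
#!/bin/sh
# Added example (not from the thread). Requires the openssl CLI.
# All CA names, subjects, files and the passphrase are constructed for the demo.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# The private key is generated and passphrase-encrypted on the user's own machine.
# Only the CSR (public key + identity) is ever handed to a CA; user.key stays here.
make_local_key_and_csr() {  # $1 = passphrase
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -aes-256-cbc \
    -pass "pass:$1" -out "$WORK/user.key" 2>/dev/null
  openssl req -new -key "$WORK/user.key" -passin "pass:$1" \
    -subj "/CN=Alice Example/emailAddress=alice@example.test" -out "$WORK/user.csr" 2>/dev/null
}
key_is_encrypted()       { grep -q "BEGIN ENCRYPTED PRIVATE KEY" "$WORK/user.key"; }
csr_has_no_private_key() { grep -q "CERTIFICATE REQUEST" "$WORK/user.csr" && ! grep -q "PRIVATE KEY" "$WORK/user.csr"; }

# Two constructed CAs. Only the one we deliberately import becomes a trust anchor.
make_ca() {  # $1 = CA name, $2 = file prefix
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -addext "keyUsage=critical,keyCertSign,cRLSign" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.crt" 2>/dev/null
}
# Issue a leaf certificate for the user's CSR from the given CA.
sign_with() {  # $1 = CA prefix, $2 = leaf file name
  openssl x509 -req -in "$WORK/user.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2" 2>/dev/null
}
# Succeeds only when the leaf chains to a CA present in our restricted trust store.
trusted_for_smime() { openssl verify -CAfile "$WORK/trusted.crt" -purpose smimesign "$WORK/$1" >/dev/null 2>&1; }

demo() {
  make_local_key_and_csr "correct horse battery staple"
  key_is_encrypted
  csr_has_no_private_key
  echo "key stays local and encrypted; CSR carries only the public key"
  make_ca "Deliberate CA" deliberate
  make_ca "Easy CA" easy
  cp "$WORK/deliberate.crt" "$WORK/trusted.crt"   # the only root we choose to import
  sign_with deliberate ok.crt
  sign_with easy easy.crt
  trusted_for_smime ok.crt && echo "cert from the imported CA: trusted"
  ! trusted_for_smime easy.crt && echo "cert from the un-imported CA: rejected"
}
demo
```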
Any HTTP proxy will do it without VPN complexity.