Wow, valid issue.

Spitballing, potentially a secure app could run memory only, blah, blah, blah. Nope, you’ve given M$ your screen FFS, it’s all over. If you care, move elsewhere, tell your friends…

As you point out, codes are an option, but it’s not a slippery slope, it’s a waterslide.

Thought it was something like that, hence needs must when the devil drives

Check here Personally wouldn’t piss on it if it was on fire, but needs must when the devil drives.

Pretty sure it’s in google services which you can turn on, personally think that waters down the point of Graphene if you leave that on, to the point of pointlessness, but some countries seem to live on whatsapp, more’s the pity.

TLDR:

Skip to today, and Big Tech is pursuing the same approach, often in the same states.

They too have funded front groups, hired an armada of lobbyists, donated millions to campaigns, and opened a firehose of lobbying money to replace real privacy laws with fake industry alternatives as ineffective as non-smoking sections.

Depends a lot on who you’re talking to, and your, and their threat models. For many, signal provides pretty good protection, which brings us to a salient point, anything that actually provides good security will attract plenty of negativity, often from state level actors who feel (are) threatened. If you’re playing at that level, adam_y is right, dead drops and one time pads. Presuming lesser threat, signal beats telegram and FB etc. Email is plaintext unless proton to proton, encrypted email is fine (look at PGP) and indeed if you encrypt at home before sending it’s pretty much a dead drop anyway, as long as the other party has a key, and I’m wandering off the beaten path.

Seems you want a secure messenger that works and are scared by random crap because you don’t have the relevant knowledge to decide (spoiler, very few do, and it’s insider knowledge, the world is imperfect), fair enough, but don’t let perfect be the enemy of good. As long as you’re willing to give up your phone number, Signal is well regarded (exchange privacy for security, you decide). But yeah, no perfects, world imperfect, trust hard, deal ;)

Pass it on…

We live in capitalism. Its power seems inescapable. So did the divine right of kings. Any human power can be resisted and changed by human beings. - Ursula K Le Guin

governments and surveillance, name a more iconic pair

Umm, if I understand you, it should be fine, you’d have the app and also proxies available on 8388 and 8888 or whatever you prefer on a different tunnel… It’s pretty much the VPN swiss army knife. Use wireguard if you can, it’s a lot faster (but more CPU intensive).

Spin up a gluetun instance, which will give you your proxy.

No idea, I was just using it to illustrate the existence of compromised exit nodes, which to my mind are a pretty fatal flaw in TOR, perhaps someone knowledgeable can chime in.

Compromised ? Maybe, but this guy doesn’t provide any evidence one way or the other. He’s using at least 7 other possible vectors (apparently Calculator Photo Vault just hides the gallery, no encryption, so it’s over right there) which is way too many for good opsec.

With Tor the question has always been compromised exit nodes as I understand it.

Absitively, use case here IMO is set and forget autoupdate to stay current and SELinux (which actually reduces surface)

For a media server speed matters little (5400rpm is plenty), if you’ve only got one drive, warranty is king. Thing is you shouldn’t only have one drive, drives will fail, and warranty doesn’t get your data back, so you plan for it. At the very least, you should look at getting an offline backup as soon as possible, now you don’t care if your drive fails and can get the cheapest ones. Ideally, you also set up a RAID5 (or Unraid, or mergerfs+SnapRAID) on your server, now you just get a replacement drive and rebuild. Remember RAID is not a backup, it doesn’t protect against accidental deletions for example, so you still want the offline backup.

Also, don’t sleep on manufacturer recertified drives, as long as you have a backup they’re significantly more cost-effective.

TLDR: set yourself up so that a drive failing is not a problem.

Been around since at least early Final Fantasy / Chrono Trigger SNES era (for some values of action). Maybe Atari ‘Adventure’.

I was here to say the same as pezhore, separating storage and compute is almost as important as separating church and state. Muck around, break things, have fun, all the while your data is safe (don’t forget offline backups though). The MS-01 is a fine looking box, but any old NUC / SFF will do for your purposes (modern AMD cpu or a graphics card if you need / want plex transcode).

Edit to add, old laptops are great compute nodes (maybe moreso from my ex corporate thinkpad laptop bias, but still)…

So, no-one’s mentioned tailscale. If it’s just for you, or some select friends, it’s probably the least friction to get secure access to your home network. Still, gotta check your threat matrix, do you really need it, is it really worth it for that occasional, maybe hypothetical usage ? Least access is best security…

GG ppl. Kudos.

Good to know, for such a simple thing, it’s amazing that notes hasn’t found a simple winner.