

For internal stuff, it may be easier to set up your own CA.




Try to get as much as possible off Windows. You can transfer the remaining Windows-only programs to a virtual machine in snapshot mode, or if necessary, a real machine with a backed-up image that you can reimage regularly.
Not everyone can get off Windows. But get as much as you can. Isolate what’s left.
The simplest explanation is that OP doesn’t have good opsec, and got a few tracking cookies after deleting cookies, before setting up their proxy/VPN. Then, on the VPN, the advertiser recognized their VPN IP address, and chose to exclude that from generating location data, deferring instead to the location indicated in their existing tracking cookies.
Privacy is hard. The system is rigged against privacy. You have to do everything perfectly, because one simple mistake could leak your IP address.
It would be a more meaningful discussion if the government wasn’t controlled so much by large corporations and oligarchs.
The GrapheneOS people. Everyone in their IRC unironically thinks iPhones are highly secure, in part BECAUSE they are proprietary. But they also don’t tolerate any criticism of Google, especially if you criticize Google for being proprietary.


I have self-hosted my email since 2006. I gave up on self-hosting outgoing mail in 2021, but I still keep the server up for incoming mail, and still set up throwaway accounts on there.
The hard part of hosting email is getting Google and Microsoft to accept outgoing mail. Tons of businesses that do not have visibly outlook.com or gmail.com addresses are still hosted by those servers.
I had SPF, DKIM, and a static datacenter IP address with no reputation problems. I still couldn’t get through to Microsoft, not even in people’s junk mail directory, until they manually whitelisted my address. Microsoft didn’t allow them to whitelist a whole domain. Google was a little easier, but they added new demands monthly.
In 2025, I can’t get reliable delivery to gmail.com addresses even sending from a hotmail.com address in the outlook.com web interface.
Not sure how much you’re paying for your VPN, but a virtual private server can be had for about $5 per month. You’ll get a real IPv4 address just for you, so you won’t have to use non-standard port numbers. (You can also use the VPS as a self-hosted VPN or proxy.)
$5 per month doesn’t get you much processing power, but it gets you plenty of bandwidth. You could self-host your server on your home computer, and reverse-proxy through your NAT using the VPS.


Cloudflare has IP banned me before for no reason (no proxy, no VPN, residential ISP with no bot traffic). They’ve switched their captcha system a few times, and some years it’s easy, some years it’s impossible.


Aluminum foil works. At least, I can’t receive calls or texts through it last I tried.
Get the heavy duty kind. It’s not any more conductive, but is more durable against tearing.
Note that a gap in your phone’s tracking data can look suspicious at times. Sometimes it’s less suspicious to leave your phone at home.
Device integrity is important, but in the sense that I don’t want police to be able to get in if they take my phone while it’s locked. The phone should not be trying to protect itself from me, the owner.
I’m not planning on running any banking apps, nor any other proprietary apps that need any sort of remote attestation. For sensitive data, nothing like “other people’s social security numbers”. Just my own data, which I would prefer remain private.
Seedvault uses Android’s built-in backup infrastructure, so it won’t back up things like Signal, or proprietary apps that resist being backed up. Only a rooted app (or rooted adb) can properly back up an Android device.
By “mess with apps’ internal states”, I want to see what data proprietary apps are storing about me, and selectively delete it. I want to replace their certificate authorities with my mitmproxy’s certificate authority, and intercept their connections to understand them. I want to try modifying apps’ code – for example, call recording doesn’t work on my current phone, because there’s supposedly some XML file somewhere that marks all the US as “recording is illegal”. GrapheneOS claims to fix this, but there may be future problems in that same style, which could be fixed by modifying just one file.
When you switch to an admin account on Windows, there are still files owned by “TrustedInstaller” that you can’t touch, and processes owned by “System” that you can’t terminate.
Linux doesn’t have that. When you switch to root, you can kill any process. You can modify or delete any file.


This survey doesn’t distinguish between levels of cloud service provider, so I was a little confused.
Virtual private servers, cloud virtual servers (like AWS), cloud-based software where you provide code or a program and the cloud system runs it on a server of its choosing, and cloud-based systems where someone else provides the software (like Google Docs).
Actually, space law is an important thing.
So, do you play Space Station 13, or Space Station 14?
(“Lawyer” is a playable class in SS13, and a base starting class in SS14.)


Jellyfin depends on proprietary Microsoft .NET, even on Linux.
It’s still better than Plex and Emby, which are fully proprietary, and have no source code. But I will stick with sshfs with kodi, and nginx plus mpv for now.


This article seems like a lot of FUD written from an anti-FOSS perspective. In their second point, they say that F-Droid’s inclusion policy is “ridiculous” for requiring programs to exclude proprietary software. I think the author is ridiculous for asking for this. This is what F-Droid is for. I don’t want any proprietary apps or libraries on my phone. If developers only want to work on their proprietary software, they don’t get into F-Droid. If they make a modified FOSS version and put it in F-Droid, and let it bitrot and go unpatched when vulnerabilities are discovered, and F-Droid issues a security advisory for that program, that’s not F-Droid’s fault.
Trump isn’t the politician I most loathe. He’s just the only politician that I’ve ever feared might kill or imprison me purely for who I am.
The usual way for me is to give certbot write access to a directory in the HTTP root, so the server can keep running.