DigitalDilemma

  • 0 Posts
  • 22 Comments
Joined 2 years ago
Cake day: July 22nd, 2023

  • How we’ve done it recently:

    1. Put domain on Cloudflare or another registrar that supports an API. Generate a token with the right privs.
    2. Use certbot with the Cloudflare plugin, and that token, and generate whatever certs you need within that domain using the DNS01 method.

    No need to have port 80 open to the world, no need for a reverse proxy, no need for NAT rules to point it to the right machine, no need to even have DNS set up for the hostname. All of that BS is removed.

    The token proves your authentication and Let’s Encrypt will generate the certs.
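
The two steps in the comment above, as an added example (not the commenter's own commands): store the Cloudflare API token in an owner-only credentials file, then hand that file to certbot's `dns-cloudflare` plugin. The hostnames, the token value, the file path and the `CERTBOT` and `ISSUE` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: DNS-01 issuance via certbot's dns-cloudflare plugin.
# The token should be scoped to Zone:DNS:Edit on the one zone it is needed for.

# Write the plugin's credentials file so that only the owner can read it.
write_cf_credentials() {
    cred_file=$1
    token=$2
    [ -n "$token" ] || { echo "empty API token" >&2; return 1; }
    old_umask=$(umask)
    umask 077                       # new directory 0700, new file 0600
    mkdir -p "$(dirname "$cred_file")"
    printf 'dns_cloudflare_api_token = %s\n' "$token" > "$cred_file"
    umask "$old_umask"
    chmod 600 "$cred_file"          # also tightens a file that already existed
}

# Request one certificate covering every hostname passed after the
# credentials path. CERTBOT is a hypothetical override used for dry checks.
issue_dns01() {
    cred_file=$1
    shift
    for name in "$@"; do            # rewrite "a b" into "-d a -d b"
        set -- "$@" -d "$name"
        shift
    done
    "${CERTBOT:-certbot}" certonly --dns-cloudflare \
        --dns-cloudflare-credentials "$cred_file" "$@"
}

# Nothing is issued unless ISSUE=1 (hypothetical switch) is set, e.g.
#   CF_API_TOKEN=... ISSUE=1 sh issue-cert.sh
if [ "${ISSUE:-0}" = 1 ]; then
    cred="$HOME/.secrets/certbot/cloudflare.ini"
    write_cf_credentials "$cred" "$CF_API_TOKEN"
    issue_dns01 "$cred" internal.example.com   # placeholder hostname
fi
```

Anyone who can read the credentials file can edit DNS for the zone, which is why the file is kept at 0600 and the token limited to DNS edits.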




  • It’s fine, but not going to be the cheapest.

    Cheap to buy: Any old PC desktop, really. Most will run Linux and Windows fine, depending on what you want. Anywhere from free to £100. If you have an old desktop or laptop already, use that to start with.

    Cheap to run: Any mini PC. I run a Lenovo ThinkCentre M53 for low power duties. Cost £40 and runs silently at 10 watts, idle. (I have a secondary, much beefier server for other stuff that runs at around 100w which lives in the garage)

    But plenty of people do run Mac minis as home servers, often on Linux. They’re fine - just do your homework on the CPU ability, how much RAM you can add, and whether you’re okay with external disks if you can’t fit enough inside.










  • robots.txt does not work. I don’t think it ever has - it’s an honour system with no penalty for ignoring it.

    I have a few low traffic sites hosted at home, and when a crawler takes an interest they can totally flood my connection. I’m using Cloudflare and being incredibly aggressive with my filtering but so many bots are ignoring robots.txt as well as lying about who they are with humanesque UAs that it’s having a real impact on my ability to provide the sites for humans.

    Over the past year it’s got around ten times worse. I woke up this morning to find my connection at a crawl and on checking the logs, AmazonBot has been hitting one site 12000 times an hour, and that’s one of the more well-behaved bots. But there’s thousands and thousands of them.




  • I think this type of scheme is illegal under the GDPR, which is in effect in the UK just as it is in the EU.

    It’s been a while since I worked with the GDPR, but from memory the wording is such that:

    The data holder needs to allow people to opt out of data collection. The subject can request to be forgotten. The data holder explicitly cannot charge for this.

    But changes move slow, and The Mirror is probably banking on nobody caring enough to complain, and Trading Standards being too underfunded and swamped with other work to investigate otherwise (which they are). If they’re challenged, they’ll just change tack, go “oops” and are unlikely to hit big fines unless they dig in.

    Cookie laws are a horrible mess and always have been - the resulting consent banners are far more intrusive than anyone wanted.



  • A non technical answer: Don’t interact with other players and don’t give out any personal information.

    Use a unique and non-memorable username in Steam and in game. Don’t use any of the social functions in Steam.

    It’s often overlooked that the biggest risk to personal information is the person themselves.

    (Obviously you need to give some information to Steam for purchasing, and others have shown other methods to limit what information is sold about you as much as you can. It also depends where you reside - the EU has better protections than most.)