This is kind of how VeraCrypts hidden partition feature works.

You start the process of the volume’s encryption and set a “false” password for it. It creates a partition that is encrypted with that password. When it finishes, you mount it and store “fake” files, the files you would reveal under duress. Veracrypt then takes in a second password and creates a “hidden partition” in the remaining free space of the disk - to be clear, that memory space still reports as unused/free if investigated, but the partition is there.

You can then mount that with your second password and store your actual files. You can work with files and folders in the hidden partition as needed, however if anything is added or changed etc in that first fake partition, the data in the hidden partition will be corrupted by those actions.

This means that so long as you plan ahead, someone can literally put a gun to your head and demand the password to the encrypted disk, and you can give them one that works without revealing the data to them.

In theory, since the data in the hidden partition is encrypted and unreadable, it is impossible to detect that it exists in the “unused” space of the disk, even by a forensic analyst. To them it would just look like old, randomly flipped bits that came from previous usage followed by a quick format.

Now, what’s really cool about this is that if you use the veracrypt bootloader, you can store and boot from an undetectable OS you store in that hidden partition:

https://veracrypt.io/en/VeraCrypt Hidden Operating System.html

This is beautiful.

I’ve been looking for exactly this for some time, really excited to try it out.

Reverse proxy/SOCKS5 works well in my experience.

I have a little computer on my network which runs my VPN - then on that computer I have ssh listening on a non-standard port that my VPN’s dyndns links up to a human readable hostname with a different port.

If I want to watch stuff off-network I just have to ssh -D to that hostname and port and then configure a browser to use the connection as a SOCKS5 proxy, then jellyfin and anything else I’m hosting works as if locally through that browser.

The ssh is key based as well, not password based - haven’t had any incidents in doing it this way.

With this question asked, I’d like to build on it and ask what options exists outside the realm of google given their recent bullshit.

For those who know, tell me about the pine phone, fair phone, anything else like this.

When google fucks shit up in the near future, I would very much like to hold on to the ability to side-load apps using obtainium and f-droid indefinitely. Are the pine phone/ fair phone reasonable for this? What pros and cons am I looking at?

Maybe the answer is not to flash some obscure on life support operating system on your Google pixel but rather… maybe the answer is to work within the system and simply adjust privacy controls as allotted?

And when those controls are removed because most people went along with it and they were determined as a waste of development time by a corporate or government entity because people also give up on that then what? This is not an answer to anything, it’s complacency that will just erode privacy more and make the problem worse.

Perhaps consider a SOCKS5 reverse proxy. If done over SSH, the client systems networking would act as though they are on the server itself, traffic would be secure, and it would walk around most firewall rules that probably exist.

Using key based authentication would also make it such that it is more secure and easier for the researchers to log in - they wouldn’t even have to remember a password, they would just need some SSH client/configs.

Specifically, read up on “bastion hosts”.

This kid is going to have a career.

Make good connections with people you trust internationally. If it really comes down to it, between friends, people who care could work together to set up SOCKS5 tunnels or some such to walk around it pretty cleanly, but you would really have to trust whoever you give credentials to since they would be using your internet connection for whatever. Could also straight up just install the OpenVPN server for this.

Once or twice I have opened a tunnel to friends on one of my servers through a bastion host - any outgoing traffic from the server goes through my own VPN, so it wouldn’t matter if they couldn’t access a VPN in their country.

For anyone who doesn’t care to learn, which in my experience is the vast majority of all people, not much can be done. Even the people I meet who say they do feel that they care deeply mainly just like to be loud about that, but never actually put in the work to learn how to do something as simple as use ssh -D, let alone learn how a proxy actually functions.

I suppose the best those in the know can do is to make it clear that they do know. Should friends actually begin to care, then they will know who to go to for possible solutions.

Surpassing where we used to be in that regard as in the mean time they have been busy locking down controls over other facets of society.

Got my HPE DL380 G9 networked and configured with hardware RAID 0 and Debian running under ProxMox for a test run (need more disks for RAID 5). Thing had an advanced iLo license intact from the previous owner.

Deployed a docker container of linkwarden to it to try out and it seems pretty nice.

Valid points.

No (at least not per the language of the act) . Paragraph 2 which it references does not include cases of possession or purchasing for personal use, or personal use itself etc. You have to have spoken about specifically making or selling fentanyl, meth, or prescription pain meds or stimulants (and falsely claiming to be a doctor).

Paragraph 2 which it references does not include cases of possession or purchasing for personal use, so those people should be fine.

Big piece of this is paragraph 2 referenced, which reads:

“(2) FACTS OR CIRCUMSTANCES.—The facts or circumstances described in this paragraph are any facts or circumstances establishing that a crime is being or has already been committed involving—

“(A) creating, manufacturing, distributing, dispensing, or possession with intent to manufacture, distribute, or dispense—

“(i) fentanyl; or

“(ii) methamphetamine;

“(B) creating, manufacturing, distributing, dispensing, or possession with intent to manufacture, distribute, or dispense a counterfeit substance, including a counterfeit substance purporting to be a prescription drug; or

“© creating, manufacturing, distributing, dispensing, or possession with intent to manufacture, distribute, or dispense an actual or purported prescription pain medication or prescription stimulant by any individual or entity that is not authorized, which includes an individual or entity that falsely claims to be a practitioner.

I see, thanks.

UpNp or port forwarding is the same way both Plex and Jellyfin work.

I don’t know what makes Jellyfin less secure since they both work the same way for this as far as I can tell…

Can you be more specific about what makes Jellyfin less secure when it comes to UpNp/port forwarding?

In the case of port forwarding at least Jellyfin is open source and has more eyes on it so it’s less likely for someone to zero day it and have at it unless I have misunderstood how each can connect off-network.

Furthermore the hash for your password is stored along with many others at a single (or relatively few) attack point/s on a Plex business server since it’s a centralized business whereas this is never the case for Jellyfin.

Also this thread is about Plex literally selling your personal data so I don’t really consider Jellyfin worse for exposing your personal data.

I’ll take my chances with a single idiot who want’s to compromise my poor asses tiny network versus an actual hacker who wants to compromise an enterprise businesses network that is storing thousands or hundreds of thousands of user credentials, data, and payment information (Which Jellyfin doesn’t store even half of).

If someone hacks Jellyfin on my network -> They have my… media files? Maybe the hash of the one password I use there?

If somone hacks Plex on my network or anywhere - or the people they sold that data to -> They have my password hash, credit card number and probably my name that is associated to it, personal data that Plex is selling, etc.

TL:DR I think Plex is more likely to be hacked rather than myself and the outcome of Plex getting hacked is worse than if my personal Jellyfin server gets hacked.

I went to the Jellyfin landing page, went to the install instructions, copy pasted and ran literally one command, opened it in a browser, made my local account, clicked a button to point it at my media folders and then I was done.

What isn’t easy?

Thanks, I’ll read up on this!

Thanks, I’d probably still go the Libre sweet potato route over a Roku stick or something in that case though, as there is a price difference there of at least $20.

I’ve heard a lot about Kubernetes, but haven’t actually had to interact with it once incredibly. Interesting, thanks for the recommendation!