Sam A.

Might be that someone is innocent, and thus didn’t read the 5th-8th amendments before going out and doing some dumb and illegal shit (read: they didn’t).

I would not do that. The whole idea behind Tor Browser is to make users look similar. By using a custom DNS provider you stand out from the crowd, thus making yourself more unique/identifiable. A website may not be able to see who you are, but it’s gonna have a way easier time seeing that you’re the same person visiting as the person who was there yesterday.

In the compose file for Audiobookshelf, you need to add the service itself to the network you defined at the bottom. Something like:

services:
  audiobookshelf:
    ...
    networks:
      - default
      - nginx

(The default network is to keep it in the network that is created on docker compose up).

IVPN, Mullvad and Proton are some good ones.

Thanks for replying, I ended up with Simply.com, a Danish provider (I live in Denmark). They didn’t want any KYC besides the usual you give when paying with a credit card, full name, address, email, phone. It’s a .me domain, so maybe that’s why.

My domain is still being transferred, so I’m crossing my fingers, but it’s a quite big provider, so I’m not really worried.

May I ask what domain registrar you switched to? I’m having the exact same issue, albeit not with Proton but another email provider.

Not that I’m gonna discuss your personal opinion, but what do you mean specifically by “ungoogle-able phone”?

Perhaps you could also print an encrypted version of your Bitwarden TOTP secret on a QR code and bring it with you in your luggage?

So, encrypt the secret with a passphrase you can remember, encode the entire thing in a QR code and print it on a piece of paper. Easy.

So your password manager uses your phone as 2FA, and the credentials inside your password manager also use your phone as 2FA? Hmmm…

So essentially, you can’t bring your phone, that’s the main issue. Does your authenticator on your phone support exporting a backup? Then store that in your password manager if that’s possible and set up an alternative 2FA for your password manager (SMS on the burner phone number perhaps or a security key). Then when you arrive, reinstall the authenticator on your burner phone and import the backup.

I’ve been there, I used the “encrypted partition to be unlocked after boot via SSH”-option, but it quickly became tedious to have to input the password every time it rebooted. I wanted something that could recover by itself (I.e. start everything up again after a potential crash), so that I could maximize uptime and the investigate the crash later.

So I ended up disabling encryption. What I did instead was to find services with E2EE for my most sensitive stuff. Joplin for my personal notes is currently the only thing I have encrypted. Nextcloud has experimental E2EE, though I’m not really using it as of right now. Everything I deem too sensitive to trust my server with unencrypted, I store on encrypted flash drives.

I think the risk of the server itself being compromised/hacked is bigger than physical theft (at least in my case), and if you take some good precautionary measures, even that risk is pretty small unless you’re being directly targeted by a skilled adversary. If the latter is the case, don’t store sensitive stuff on something with an IP address.