Alright, I'm slowly learning, bare with me here:
Then:
So:
Always-on VPN enabledBlock connections without VPN enabledAnd that will work? It will be encrypted during transit? And only run on the LAN? Does ProtonVPN need to allow LAN connections (I assume it does)?
Does Headscale conflict with ProtonVPN/Mullvad VPN (i.e. can I use those alongside Headscale)? Android has a limited number of VPN slots, so that's why I ask.
You could do a vpn hosting by yourself.
I'm uneasy about this, because I don't trust myself to do it securely. VPNs are a very complex piece of software, so I highly prefer to stick with widely used setups (i.e. "stock" VPN software such as ProtonVPN, Mullvad VPN, etc.)
I still want security in transit, no matter where it is being broadcast from.
but I’d suggest reconsidering the Pi
It's what I have on hand at the moment. I don't have proper server hardware yet.
and a microSD to host Jellyfin.
Beyond that, SD cards are terrible for this kind of task and you’d be much better served with an SSD as your boot/data drive for robustness. I can’t even count the number of failed SD cards I’ve had over the years.
I will keep this in mind, thank you!
Neither one of these are a good fit unless you plan on sticking to very specific audio and video codecs to avoid all transcoding and your upload speeds are capable of serving the full bitrate of your files.
I haven't tried playing videos from my Raspberry Pi, but I've been able to run extremely modern video codecs on some pretty old hardware without any issues. Since I've never had issues with video codecs, I'm not experienced in what hardware can and can't handle it.
Run in at home and get Tailscale setup with a Headscale server, or just use Tailscale straight out of you want. That’s the simplest.
I have no idea how to do this. Do you have any resources? Does it cost a subscription fee?
A better option would be getting an OpenWRT router
This is what I have planned. OpenWrt Two my beloved
You’ll have many different options for decentralized and NAT traversing VPNs with this option. GL.Inet Flint is a great choice.
I also don't know how to do this. Resources are much appreciated :)
Just run it on the LAN and don’t expose it to the Internet.
This would require paying for a VPN to allow LAN connections, which is an option but not my preferred one.
HTTPS only secures the connection, and I doubt you’re sending any sensitive info to or from Jellyfin
This is a matter of threat model, and I would prefer not to expose my TV preferences unencrypted over the network.
but you can still run it in docker and use caddy or something
Does Caddy require a custom DNS in order to point the domain to a local IP address?
The bigger target is making sure jellyfin itself and the host it runs on are updated and protected.
This is easy with securecore, since it updates daily. The rest of the semantics for the actual hosting side aren't too difficult.
!lemmysilver
Other people beat me to it on the other post, but none here!
Not so new browser controls let you block all advertisers forever
I used GNOME Disks to modify /etc/crypttab and /etc/fstab to auto decrypt and auto mount on boot. Jellyfin still loses its access each time I restart, even though the jellyfin group still displays having access to the files.
Edit: Turns out it does have access, but it's no longer under the /media/username directory. I have to point Jellyfin to /mnt/UUID instead. This fixed it!
Loops is a federated alternative to TikTok created by Pixelfed. Once it first came out, users were able to sign up for early access. Confirmation emails weren't sent right away, but today they announced that emails were being sent out, and registration is now closed.
I got a confirmation email today, attached in the image. I will be loosely documenting my experience, and may (no promises) make a writeup about it.
Many years ago, when I was first getting into privacy and security, I wanted to see how long passwords should be in order to be secure from brute forcing. There are plenty of password strength testers already, but I wasn't sure if they accounted for the increase of cracking speeds over time. Then, the idea came to me: What is the maximum speed for a password cracker?
The Planck Cruncher is a theoretical supercomputer, designed to crack passwords as fast as the laws of physics will allow. Here is how it is constructed:
Imagine a little computer that can fit in the smallest possible space in the universe: a cubic Planck length. This little computer is able to test one password every Planck time, the shortest possible unit of time. Now, fill every cubic Planck length in the observable universe with these little computers, all testing passwords at the same time, and you have constructed the Planck Cruncher!
I should note here: of course this is impossible to create. This is just a fun idea I had, to test the theoretical security of passwords. Don't take it too seriously.
First, you need to calculate how many of those little computers can fit inside the observable universe.
The diameter of the observable universe is estimated to be 8.8×10^26 meters in diameter. To calculate the cubic volume of the observable universe, you can use the equation for the volume of a sphere: 4/3*πr^3
A sphere 8.8×10^26 meters in diameter has a radius of 4.4×10^26 meters. Substitute that into the equation to get 4/3*π*(4.4×10^26)^3 which equals 3.6×10^80 cubic meters in volume.
A Planck length is approximately equal to 1.616255×10^(-35) meters. That means a cubic Planck length would have an area of 4.222111×10^(-105) cubic meters.
Divide the volume of the observable universe by the area of a cubic Planck length, and you get how many little computers make up the Planck cruncher: (3.6×10^80)/(4.222111×10^(-105)) which is approximately 8.52654×10^184 little computers. This is the exact number (rounded up):
85265403964983393378336097748259105456962168924502458604238495861430455049618543899011655543873668882698725826961915496774007125819288029139925501721769039231796606010595173836026575332
Next, you have to find out how many Planck times are in a second.
A Planck time is approximately equal to 5.391247×10^(−44) seconds. To find how many Planck times are in a second, you simply take the inverse of that to get: 1/(5.391247×10^(−44)) which is approximately equal to 1.854858×10^43 Planck times in a second.
If you multiply the number of little computers in the Planck Cruncher by the number of Planck times in a second, you find out how many passwords the Planck Cruncher can test every second: (8.52654×10^184)*(1.854858×10^43) is approximately 1.581553×10^228 passwords tested every second. The exact number is below (rounded up):
1581552541832778082294061053931661922686201706664570527082852925518538754570483301896790400140703419500140242637035837845567215262429787192831741927642510892782256238873773986538301349050212882962091805863577761872814550820473182
The complete equation is this: 
Since you know how many passwords the Planck Cruncher can test in a second, you can calculate how secure a password must be to fend it off for, say, 100 years.
There are 95 printable characters on a standard QWERTY keyboard. If you make each character of your password a randomly selected character from the 95 printable characters, you can calculate the number of possible combinations for your password using the equation 95^length where length is the length of your password. I will refer to this as the "complexity" of the password.
With that, you can calculate the bits of entropy of the password by using the equation log2(combinations) where combinations is number of possible combinations for your password. For simplicity, I will be referring to the strength of passwords by their bits of entropy. The unit used to represent entropy is the shannon unit, denoted as "Sh".
To calculate how many seconds it would take to crack a password, you divide the password complexity by the speed of the Planck cruncher. For example:
An 8 character password has a complexity of 95^8, or approximately 6.6342×10^15. That password has an entropy of log2(6.6342×10^15), or approximately 52.56 Sh. To crack the password, assuming it was the very last password tested, the Planck cruncher would take 4.1947×10^(-213) seconds. That is orders of magnitude shorter than a Planck time itself.
So, how many bits of entropy is secure against the Planck Cruncher? If you wanted a password that is strong enough to keep the Planck Cruncher at bay for 100 years, the password would need an entropy of approximately 789.66 Sh. The password would be 121 characters in length (rounded up).
A passphrase with the same entropy (assuming 7,776 words are in the wordlist, from the EFF Large Wordlist for Passphrases) would have 62 words (rounded up).
Obviously if the the universe is (literally) against you, you have bigger problems than a password protecting your sensitive data. This was just a fun thought experiment to see what the upper limit of password cracking is. It's interesting to see how a 1024 bit key would be resistant against even the fastest theoretical supercomputer for over a vigintillion years (assuming it has no other weaknesses). I hope you had as much fun reading this as I did writing it. Be sure to use strong passwords, and use a password manager.
It's pretty easy to spot dark patterns when you look out for them, but I found a pretty obvious example of this.
Stoofie is a brand that sells water fountains for your pet (I don't know what the problem with a water bowl is, but I digress). WayBack Machine
Plastered at the top of their website is "33% OFF Ends Today- Free Shipping" with no way to dismiss it. There is a scrolling text under the main image "FAST AND FREE SHIPPING 60-DAY FREE RETURNS"
If you scroll down, you're immediately introduced with a product with the option to buy two preselected. The rest of this section explains itself:
Other things are sprinkled in the main page, but it really is the prime example of dark patterns. I am personally sick of finding them, but would love to see more examples of what others have found. Please, share your favorite examples of dark patterns. Don't forget to archive them first so they can never be lived down.
By "local-only" I meant on-device
Privacy and security.
Networks are not a trusted party in any capacity.
A VPN such as ProtonVPN or Mullvad VPN are used to displace trust from your ISP into your VPN provider and obscure your IP address while web browsing (among other benefits that I don't utilize).
These are good questions but not ones I can answer briefly.