Why do you think so?

I may advise you to track previous actions and their outcomes. More often than not, it does work.

Also ICE 👎

Beginners will always gravitate to what is easier.

The upstream tools (Docker in this case) must orient themselves more towards the newbies, not only the pros, if we want to see the progress here.

Personally, as a non-IT guy, I find myself fighting uphill battles every time I want to do something seemingly simple, because the basic tools we’re offered are not made with common folk in mind. And I’m sort of an enthusiast - most people just won’t bother if it’s not plug&play, they don’t have time and energy to figure everything out.

(not me downvoting)

I understand the concern with locally made software. However, I’d rather see something open-source come from the US than something closed source come from my own country.

Speaking of Konqueror, what about Falkon? It is the newer option by KDE team, and works on a more modern engine. And, it works on Windows.

Of course I mean pure ungoogled Chromium, without bloat on top.

Not only browser code consists of millions of lines, it is also audited by thousands of people, and, importantly, changes can be highlighted, which doesn’t allow for them to go unnoticed.

Successful mass attacks with OSS typically require much more skill and resources as you need for you malicious code to be written in a way that stays unnoticed (and eventually, rather soon, it will be discovered, with all consequences).

With closed source programs, integrating malicious code is easy, and this code can stay there unnoticed for ages, so they are 100% “trust me bro, I don’t do anything bad”.

So, yes, OSS is more secure.

No, it’s a feature

Firefox is open source, and while it takes some shady practices to fund it (it sure isn’t cheap to run your own damn engine alongside everything on top), I take it as a more tenable compromise. It’s not about free as in beer freedom, it’s about basic security.

You can also have degoogled Chromium which is open-source if you’re into it.

Kinda, but I would like to tailor my experience a bit more than “all or nothing”.

IceCat is directly a GNU project, so it’s highly ideological - which is important and respectable in a way, but then it gets adoption to near-zero because most sites just don’t work out of the box, and to make it work properly means completely removing all safeguards that make IceCat make sense. There’s little in between.

I’d rather have something like LibreWolf, but without phone-home functionality, or at least a switch to turn it off. Out of all Firefox forks I know, only IceCat respects user privacy in this way - 0 connections on startup, and then only connection to actual site and whatever it requires.

Opt-in telemetry (ideally - leveled) and manual bug information sending are totally fine, though.

Nothing in the browser should be proprietary. Any proprietary part is a possibility of malice, and browsers are mission critical.

Brave? Hard no. Vivaldi? Also no.

Also, where are qutebrowser and Zen?

qutebrowser and IceCat are real top of the game when it comes to privacy. But then, they break some of the sites functionality, especially IceCat who seems to be going under the “if your site doesn’t work, it’s your site’s problem” motto.

I once purchased a Lenovo A6000 as it’s community supported, but my unit seems to be unsupported revision and I just bricked it so hard on so many levels it’s now impossible to rescue it without directly connecting to the board, which might be more costly than getting another one.

I would be fairly comfortable running a direct WireGuard connection even without Tailscale, but my location and use case simply won’t allow me to.

Your setup is valid, nothing wrong with it, and yes, it is more secure. Just can’t be used in my case.

I mean any connection through these protocols is just not working over the Internet. DPI equipment detects respective packets and cuts the connection, irrespective of the port you assign.

Yep

It’s not illegal to use VPN in my area, but connections are blocked on a protocol level, both through OpenVPN and Wireguard.

I already managed to make caddy work, so, hooray!

I also found a setting on my router that fully isolates certain devices from the local network. I want to put the server in there, so that the rest of my LAN is not under threat. I also want to figure out VLANs.

That’s a good piece of advice, but due to several considerations (extreme censorship interrupting VPN connections, family using NAS for automatic backups, and some others) I cannot go that route.

For now I’m only toying around, experimenting a little - and then closing ports and turning my Pi off. I do have my NAS constantly exposed, but it is solidly hardened (firewall, no SSH, IP bans for unauthorized actions, etc. etc.), fully updated, hosts no sensitive data, and all that is important is backed up on an offline drive.

Yep!

For me it’s a sense of reliability and control - my stack will keep working even if new censorship rolls out (I live in a heavily censored and sanctioned jurisdiction), or if there’s a global outage, or whatever else. I am also the sole authority over my piece of the Internet, and no one can do anything to alter it or take it away.

Update: tried Caddy, love it, dead simple, super fast, and absolutely works!

Yep, sharing stuff for others requires more expertise, as I’ll get responsible for other people’s experience. If I screw something up now, only I will be affected.