

These politicians need a lesson in civics. You are not building safeguards that stop nazis, you are building the nazi “person finding” infrastructure for them before they even get in power.
I use SendGrid as my outgoing SMTP relay to avoid the IP reputation issues you mention. You still have to configure your DNS settings for SPF and DKIM pointing at their servers instead of yours. Their free tier is 10x the email I’ll ever send so it doesn’t cost anything. There are a few companies in this space with free tiers. It works, but it isn’t Gmail level deliverability. I still get spam binned occasionally.
Phone number and trust-on-first-use for most people, with out-of-band fingerprint verification for the paranoid. It really depends on the threat model and the security practices/awareness of your colleagues, but a link shared on some social media or lower-security chat network is more vulnerable to a man-in-the-middle attack than a phone number for your average Joe. There are a lot of ways a person could get a manipulated invite link.
Either he was arrested with no record of the arrest (i.e., “disappeared”), which is a new line for the administration to cross, or he disappeared for another reason (by himself, or with help or coercion by a foreign entity like the CCP), and the FBI is investigating.
I hope journalists keep on this because the first option would be a huge problem that everyone needs to know about, but without more information, the second is also a possibility. The CCP is known to have agents in western countries that manipulate and pressure expats to return to China. Keeping an open mind now will also strengthen the argument if evidence for the former comes to light.
Might be easiest to just drill out the mic and camera, and use a USB headset for calls. I also suggest specific threat modelling and learning about opsec as that may help you feel more in control. After that, please look after your mental well-being. We all should.
This is signal detection theory combined with an arms race that keeps the problem hard. You cannot block scrapers without blocking people, and you cannot inconvenience bots without also inconveniencing readers. You might figure something clever out temporarily, but eventually this truism will resurface. Excuse me while I solve a few more captchas.
Out-of-band key exchange is great, as long as people can physically meet and exchange QR codes. In reality, they are often sent via less secure means. As always, the humans are the weakest security link.
It does, I tried it. Though, that may have been an addition since the attacks started.
Though, in that specific case - Russian agents conducting espionage via targeted individuals - it’s very likely they surveil their targets long enough to catch their device PIN before they nab the phone and return it. In the end, there is very little recourse to defend against this type of Evil Maid attack. Signal is really better at protecting against mass surveillance, but for individuals directly targeted by state espionage? You would need serious opsec, using air-gapped computers kept in safes or guarded by humans 24x7 and other crazy stuff. They have rules about what can be physically done with devices containing top secret information for a good reason.
The exact reason why it’s bad for top secret communications is why individuals should use it or something like it. That is government auditability.
This is the only question that really matters. If it’s overpriced? meh, it’s a cheap alternative to a NUC. But if it’s going to be stuck on obsolete software forever, run.
I used stunnel years ago to tunnel both OpenVPN and SSH traffic and it worked flawlessly. Looks just like HTTPS web traffic to DPI software. Beware though, that long open connections can also set off flags, so don’t keep connections open permanently.
That 600mbps is the throughput of the encryption on those devices. It’s no different crossing networks, but the speed will be limited by the network speed. The benefit of a P2P VPN is that you don’t need to shut it off when you join the same network. The devices remain accessible at the same IP whether they are on the same network, or if one is somewhere else. The overhead is negligible and you gain the security isolation that would normally require subnets and a firewall.
In the end, yes, I can stream HD video just fine from another network. For most people, the limitation will be their home ISP’s uplink speed.
It’s going to depend on the devices involved, but I get about 600 megabit or so between two computers over Tailscale on my network (really, WireGuard). That’s what, 10 HD video streams? Of course, it’s going to depend on device CPU capability and network bandwidth.
Car batteries are cheap storage if you very rarely discharge them. You get many years if you are only using the top 80% or so of their voltage range, but if you discharge them to 50%, you only get a few hundred cycles, and if you discharge to 0%, you get dozens, if that. “Deep cycle” batteries have the same characteristic, but tend to give you more amp-hours before you hit those thresholds.
Good LiFePO4 batteries could last up to 10 years with daily full discharges. They are quite amazing in that respect. They are also likely safer than even lead acid, which need to be vented properly to avoid hydrogen gas buildup. They don’t get thermal runaway like LiPos, but the cells are very much capable of producing enough current for electrical fires, so you want ones that are built properly. Maintenance is pretty much just “don’t ever charge it if it’s frozen.”
DIY, all DC is often the way to go if you are trying to run for a long period of time. UPSs are really typically designed to run just long enough to ride out brown-outs or to shut everything down safely in a total blackout. Some even shut down if they don’t sense a heavy enough load (i.e., designed to assume servers have shut down, and so preserves the battery; I banged my head against that for so long!).
I have everything on a consumer-grade APC now, and I have it set up to give me about 3 minutes of server, + another half hour of basic networking. I do have some marine deep cycles and an inverter, so I could set up the networking to run longer if cell towers were down and I needed it. But I’d likely use the energy for other things.
I like this approach, but I’m currently sitting in a foreign hotel whose Wi-Fi seems to block WG. Annoying. Keep a TLS-protected reverse proxy for things you might need through obscure networks.
I see you have a bunch of good answers now, so I’ll ask: if you are comfortable self-hosting, why not consider a VPS? Yes, it can be a little bit of maintenance, but it’s very minimal and you get far more flexibility and the ability to further develop those self-hosting chops.