Hahaha… What a stupid take. Yeah scientific research isn’t biased and hasn’t been poisoned by conflict of interest… never has been and never will I guess? Scientific research is the ultimate truth of wisdom and you don’t need your own critical thinking anymore 😮‍💨 (Yeah the tobacco industry was right, smoking is healthy !)

when the researchers themselves are saying the work isn’t over. why are all the super geniuses in this thread so smugly announcing this topic is wrapped up?

It’s better to be safe than sorry

Edit:

Therefore, the fact that no evidence for large-scale mobile eavesdropping has been found so far should not be interpreted as an all-clear. It could only mean that it is difficult – under current circumstances perhaps even impossible – to detect such attacks effectively.

https://link.springer.com/chapter/10.1007/978-3-030-22479-0_6

Scientific enough?

76 up’s / 68 down’s on OP’s post.

It’s very close, still the majority wins, that’s how it works, if not happy change the system not the voters.

Maybe not 24x7 but this did happened and people have reported it multiple times. If you really think those multi-billion dollars companies are not capable of or won’t do anything so sketchy because it’s not “worth it”, then it’s time to open your mind to the possibility that those companies are not your friends.

This is a neat workaround !! Still, for privacy reason I keep my addons to a strict minimum.

However I save your comment as emergency workaround ! Thanks for the tip !

I get your feeling :) Don’t worry the silent majority is on your side. However they won’t comment because they fear from being banned or backslashed…

While It can’t be proven or disapproved, I also had my share of strange coincidence where my mind goes “Huh? How is that even possible?”… Kinda strange feeling! But that feeling gave me the push to the privacy route maybe in a rather to extreme direction? Always follow your guts when there’s to much noise to make a clear decision.

• RethinkDNS (block every in/out request except those manually allowed)
• Degoogles android (Shizuku+canta, magisk, debloater)
• Only open source apps and delete everything else (no exceptions here) -…

You will never get full 100% privacy or anonymity, however you can make your data as much as difficult to get and waste some of their resource and time :).

Good luck !

Yeah… This was probably intentional. Now we get why ! They didn’t put to much effort for the self-hosted version, because they didn’t want you to self-host.

I think it was… Cyberwar/crime is the new kind of war, it can be deadly and put a whole country/system on halt with a lot of consequences (human and resources).

Most people would call out conspiracy theory, but I do firmly believe that those higher ups are doing WAY more bad things behind our backs than we can imagine.

But hey we have no proofs, except those lost trails left by good people who need to hide their own asses because the government are looking for them for crime against the government?

That’s exactly why I value privacy and doing everyday my best to leave as less information about me as possible. Sure they have the mean/money to find where I live in seconds but they won’t get that information without a fight ! F#CK big corporations !

That’s also how my Linux download folder looks from time to time XD But since I’m on Arch bases distro I try to be more organized and clean-up that Download folder mess !!!

I’ve subscribed to YT Premium today.

If you’re on Android there’s InnerTune. It’s basically YouTube music but for free ! Just to bad you can’t directly access downloaded files to export them elsewhere. (Yeah that’s practically piracy and illegal)

I like navidrome + Tempo as self-hosted solution. Works well without any issues. However, I read about horror stories people losing all their media or fucking up their media library ?

Also, that’s a huge song library (20.000?)… Not sure this can be easily handled over to a self-hosted solution? But first you need to organize your songs

Hi there ! Sorry my English is not that good, but I’m doing the best I can !

Actually, I do not have a VPS. I use an old spare laptop as server which handles everything.

I have Wireguard barebone installed with a a second external wireguard interface and some iptables to send all traffic to ProtonVPN.

All my containers,on the same laptop, are directly reachable via this configuration and HTTPS is handle by Treafik with my self-signed local certificates (root CA with intermediate CA).

Eg: From my mobile over WiFi or 4G I can access all my containers where ever I’m. My endpoint in my Wireguard’s confirguration (on my phone) being my home’s public IP.

I hope I answered your question? If not I’m willing to give you a diagram of my setup, this will probably clear up the confusion/question? And will probably be way more explicit than my broken English 😄.

Probably what you’re looking for is the following setup:

docker <-> services <-> reverse proxy <-> VPN <-> Internet

1. Your next step is to chose a reverse proxy to handle your requests and serve your services on port 80 and port 443. There are several choice and you have to somehow stick with it, because each reverse proxy has it’s up and downsides and learning curve:

• Treafik (that’s the one I use and is specifically made for containers)
• Caddy (Never used it but heard only good things about it)
• Nginx (this one is a beast to tame, however I heard it’s easier to setup with nginx proxy manager)

Those are the 3 big players I’m aware of.

2. You reverse proxy ready and functional you need something to access them outside your LAN. There are also several ways to achieve the same goal. The one I use and are happy with is to configure Wireguard on your server and only open the port needed to connect to it.

This is also a big part and probably this is the route of a tinkerer and have lot of personal time to spare… There are easier AIO routes that will probably save you time and energy. (Others will point you to the right direction)

3. Bonus tip

You will rapidly understand the necessity of DNS. Reaching out to your services by IP:PORT will annoy you over time, even if you save them as bookmarks. Also if you don’t assign a static IP to your containers they will change every time you restart them or reboot your server. Not very practical !!

Here you have 2 choices:

• personal mini certificate authority (totally free and personal local domains but harder to setup)
• cheap domain name with automatic certificate generation.

I personally chose the tinkerer route and learning process. But I have time to spare and while I prefer this route… It’s very time consuming and involves a lot of web crawling and books reading.

If you are interested I can recommend you a good ebook on how to setup your own mini-CA :).

Hope it helps, you are halfway through !

Trying to add a direct path to files doesn’t work.

Dunno what’s wrong here, but I do add a files direct path to /etc/ssl into a docker container and works as expected.

I think It’s related to miniflux and have my self-signed certificate in its truststore to communicate with wallabag (inter-docker communication).

I can’t give you a snipped of my compose but will gladly edited my comment when home.

Yep ! No-ads, no-sponsor, no-shit.

You even don’t need to self-host, just disable piped proxy, enable local extraction, use HLS and a good VPN.

Sure it’s not as anonymous and sometime I need to disable my VPN, but that’s only temporarily, until they find a new loophole in youtoube’s api.

That’s not piped nor invidious backend’s fault, just YouTube doing his cat and mouse thing…

Nobody ever talking about lychee ?

Yes okay it’s not GPL or written in a fancy new language (PHP is still alive xD). But it’s simple, elegant, no UX bloat, no ML or IA stuff… Just a plain simple self-hosted photo manager.

One thing I really liked about it, you can import you external photo’s with .xmp files, just one checkbox away.

The tag feature is simple but working as expected. Nothing fancy but it does best what’s it’s supposed to do !!

Call me old boomer but I really like the simplicity of lychee. It’s a bit like how reading an article from miniflux or wallabag… Simple html files without bloating your eyes or your brain…

Just my 2c, nothing to see here !

Emby which already had music support.

Didn’t knew that ! My bad. Thanks for the precision !

I dunno… Jellyfin does great as a Video media player/streaming platform. I prefer to not have everything in the same basket.

Also, this is better for Dev, so they only have to concentrate to one type of thing. I would rather suggest navidrome as a music server and Tempo as a music client for android !!

Tempo doesn’t get updated so much (every few months) but he/she takes his time to make his player functional and very pleasing to the eyes.

I just recently learned about azireVPN.

Any thoughts?

Azire looks great ! I’m interested on why you choose azire over protonVPN?

I have a self-hosted Baikal server with self-signed CA on Android 14 and it works.

However, I didn’t had to add the certificate to Davx⁵ itself. Adding a rootCA into your device and your reverse proxy handling the request should work as expected over https.

Those kind of things are difficult to troubleshoot, this could be:

• Bad rootCA certificate, missing the necessary options ?
• Wrong certificate handled by your reverse proxy ?
• Radicale doesn’t recognize your certificate extension ?
• Wrong networking configuration ?
• Bug ?
• …

We need more infos about your setup:

• Do you use a reverse proxy ?
• Had you already any success with this certificate within an other application ?
• Any logs from your Android, Davx⁵?

Yeaaah I already played a bit arround with step-ca ! Right now a make a mini-CA with openssl.

When I get more comfortable with how everything works together I will surely give step-ca another try.

Maybe all package managers default to libtorrent 2.0.X, but that’s not true when downloading from the website.

Maybe you are a windows user?

Close enough… Got MacOS, Windows and EndeavourOS and there’s also an appimage available on their site so it’s not only because you’re a “Windows user”.