looks at community I hope so?
I’d almost go through the trouble of getting the content out of WordPress. The nice thing about static site generators is you can completely switch out the framework, runtime, base Docker image and/or OS at any time.
Your router probably does have one, but your end devices should too. If your router is some piece of trash ISP-supplied one, it might not even have a firewall for IPv6 (if it even supports IPv6 at all).
I really wanted it to work on Fly.io but I couldn’t get it to. I’d also like to get the Tailscale software Dockerized but running multiple nodes on the same host with custom DNS was a complete shitshow.
I really love Tailscale, but the daemon and CLI seem to be absolute garbage.
I would add from an end-user privacy perspective, they might want HTTPS. If I hit a website not using HTTPS, I pretty much immediately back out. Bad actors like hostile governments and hackers can use seemingly meaningless data against you.
I can’t remember exactly what happened, but I remember back when WebMD was fighting against rolling out TLS, hackers were able to find medical weaknesses against people.
Honestly, just Unbound for DNS filtering + Tailscale + commercial VPN solves 99% of my problems with privacy online.
Yes, I have a DNS service listening on both UDP and TCP to respond to DNS queries from clients using the standard DNS port; crazy me. 🤪
You can’t have UDP and TCP on the same port? I don’t think that makes sense, I have DNS listening on UDP and TCP both on port 53.
I’ve been blocking Google domains completely (except for OCSP) for almost a year (using DNS). I’m sure some domains use Google Cloud and slip past the DNS blocks, but usually the only things that break are captchas and some shitty old websites that pull jQuery from a Google domain (why would anyone do that?).
“It breaks all of the internet” is a little dramatic, maybe if you block their OCSP domains that’s true.
I do agree though that 80% is low, even if only counting the traditional tracking script that’s been used everywhere for ages.
Maybe DNS or IP blocking, but blocking only in the browser likely won’t be helpful as apps (on basically any platform) also track users by calling assets on their domains.
You need to block Google completely. Simply abstaining from Google services and/or using a browser ad blocker will do you no good — like 80%* of apps / the web include their tracking assets (among many others).
* Just a number I pulled out of my ass, don’t sue me
I killed off ads in the News app by blocking doh.apple.com. I find it kind of funny that it looks up its DoH server IP using the existing DNS server and that simply returning NXDOMAIN cuts it off.
Not sure if they use it for much more than that though (doesn’t seem like it).
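Added example, not part of the original comments: a sketch of what "simply returning NXDOMAIN" means on the wire, as a filter that answers a blocked name (or any subdomain of it) with RCODE 3 and lets everything else pass upstream. The function names and the one-entry blocklist are assumptions for illustration; a filtering resolver does the equivalent internally.

```python
import struct

BLOCKED = {"doh.apple.com"}  # constructed blocklist; the name is from the comment above

def parse_qname(packet, offset=12):
    """Return (lowercase name, offset just past the QNAME) of the first question."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def is_blocked(name):
    """True if the name or any parent domain is on the blocklist."""
    parts = name.rstrip(".").split(".")
    return any(".".join(parts[i:]) in BLOCKED for i in range(len(parts)))

def filter_query(packet):
    """Return an NXDOMAIN reply for a blocked name, or None to forward upstream."""
    if len(packet) < 12:
        raise ValueError("short packet")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        return None  # a response, or not a single-question query
    name, end = parse_qname(packet)
    if not is_blocked(name):
        return None
    # QR=1, keep opcode and RD from the query, RA=1, RCODE=3 (NXDOMAIN)
    reply_flags = 0x8000 | (flags & 0x7900) | 0x0080 | 3
    header = struct.pack("!HHHHHH", txid, reply_flags, 1, 0, 0, 0)
    return header + packet[12:end + 4]  # echo the question: QNAME + QTYPE + QCLASS

def build_query(name, txid=0x1234, qtype=1):
    """Constructed sample input: a recursive A query for the given name."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)
```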
One thing I want to bring up just so you’re conscious of it is WiFi calling.
I currently use Tailscale and a sophisticated setup to route traffic via commercial VPNs. I also do a ton of DNS ad/tracking blocking which Tailscale wasn’t really designed for (and requires a rat’s nest of routing, iptables and the like).
I’ve noticed I never receive incoming calls now even while attempting to send traffic to my carrier’s WiFi calling server (it’s just another traditional VPN server at a technical level) through the nearest Tailscale exit node.
All this is to say, if you want WiFi calling to work you should consider this. I believe it’s the same for Android and iPhone.
As for the traditional VPN bit I kind of discovered this a few years ago when using one of those mobile cellular gateways you can plug into your LAN (I lived in a dead zone). When looking up my current carrier’s WiFi calling server (a different carrier) I realized the port matches the same VPN thing they were doing on the cellular gateway, so I think it’s fairly common for wireless carriers to just use a VPN to get you into their backend.
Isn’t a Docker registry just HTTP? Would a caching proxy be too hard to use for this?
What is the most private phone? Take a visit to a Google property and curb stomp your privacy to find out!