machiavellian

Looks like you’re worried about highly motivated hackers targeting you specifically.

Not really, no.

Not patching security vulnerabilities leaves you open to not just targeted attacks but also wide spread attacks, which also use the same exploits that nation states use. Just look at the recent Coruna debacle.

Let me bring another analogy. You live in a town where theft and burglary is rampant. You have a lock on your front door but the lock is based on a legacy design which is not hard to pick. Sure, no one has broken into your home yet but if you keep using an antiquated lock, it’s a matter of when not if. And it’s not like only rich and important people’s houses are broken into. Everybody who’s vulnerable can and eventually will get attacked. If I had to choose between risking burglary and paying a little extra for a better lock, I’d choose the latter.

Maybe you’re a political activist or just very rich.

I don’t have to be a political activist to take measures to protect myself online nor rich to afford a used Pixel.

Sacrificing all this just to be protected from very unlikely attacks is simply not worth it.

To each their own, I guess.

You can permit some connections temporarily or permanently for specific apps only.

So you mean like OpenSnitch? If so, Rethink also has that.

EDIT: grammar

So you’re excusing lazy patching with improbability? Personally, I wouldn’t bet my privacy and security on a criminal’s lack of motivation.

It’s like eating candy from a bowl in which 5 are poisoned and 5000 are harmless. It’s improbable for you to pick a poisoned candy but because the consequences of choosing wrong are so perilous, I wouldn’t choose at all or choose a bowl with less poisoned candy.

GrapheneOS doesn’t have good tools to monitor and block trackers.

Yes it does. Rethink has (in addition to other awesome features) a local DNS blocklist option which you can configure to automatically block almost all telemetry apps send.

Maybe Peergos?

True, but you can configure addy/forwardemail/simplelogin to proxy your posteo mails through your own domain.

Perhaps they’ve changed, but last I checked they didn’t allow IMAP/POP3 due to “security concerns”.

Posteo

An email provider who doesn’t lock you into their ecosystem and doesn’t collaborate with law enforcement without putting up a fight.

They just changed the maintainers? What in this thread does not give you confidence?

SyncthingFork?

I am at the very beginning of my journey taking those first baby steps. As I don’t yet understand all the sysadmin stuff, I’m treading rather carefully to avoid making unfuckable mistakes.

I recently switched to Void on my daily driver so it has been a bit of a trial to get used to a new OS and configure it correctly. Nevertheless, it’s been a great learning experience.

Alongside it I’ve downloaded OpenWrt on my router and begun to configure it as well (still need to deal with the Wireguard and Unbound config).

For the actual server I managed to secure an old Dell Optiplex. In the near future, I plan to flash it with Libreboot and then install Debian or FreeBSD (apparently great ZFS support) on it. Though I’ve still no idea whether I should use Proxmox and how I should format my drives (one 500GB SSD and 4TB HDD) for maximum effiency and for the possibility of later easily upgrading my storage capacity.

When I’ve finally past these steps, I plan to selfhost music services, as well as few other basic services. My goal at the moment is to replace Spotify for my whole family. But it’s still a long way to go.