Yeah with a docker container running 24/7 and a phone app it’s much better. they also have a setting where deleted files on phone are simply moved to archive on the server.

Having setup both, ive found syncthing to be much simpler. I would probably not go through the headache of setting up https and databases for next cloud again…

How can you ever learn the risks of exposing ports if all answers are “if you don’t know you shouldn’t do it”?

The post explicitly recommends ONLY exposing the wireguard port, not 80/443/22 which one should usually not do anyways. Very different things!

Clippy was the pretext not the goal

Yeah it’s good to have a system separate from the main server. It’s always so frustrating having to debug wireguard issues cause there’s some problem with docker

Ssh behind a wire guard VPN server is technically more secure if you don’t have a key-only login, but a pain if the container goes down or if you need to access the server without access to wireguards VPN client on your device.

And the company came under fire again in 2018 after The Wall Street Journal revealed it was allowing third-party developers to trawl users’ Gmail inboxes, to which Google responded by reminding users it was within their power to grant and revoke those permissions.

So you can remove those permissions, just that it’s enabled by default. Shitty design, but it’s not mandatory to enable those, just like how you are not forced to use edge when you get a Windows computer.

Use syncthing to sync and monitor your backups.

Syncthing backup server for your important files.

Cloudflare, namecheap, GoDaddy, domain.com, they all offer dns I think. Some of them are supported by Dyndns; you can find a list of supported providers.

So they profit from high-profile commercial users to subsidize the free tier (proxy, tunnels) and cheap DNS. What’s wrong with that? It’s not like we absolutely need those (proxy is nice but you can use vps, tunnels are also offered by ngrok).

Cloudflare

When Whatsapp was sold to Facebook in 2014, they had 55 employees. Considering the app had considerably less features and did not focus so heavily on encryption and privacy, Signal can be considered even leaner than Whatsapp.

Now, for the actual breakdown, they have at least the following technical teams: desktop, android, iOS, server, calls (ringrtc), core (libsignal). If we assume a team has usually 5 people (manager, Sr SWE, Jr SWE, QA, maybe PM), that’s already 30 people. On top of that, they have an in house support team (don’t know the size but I wouldn’t be surprised if they have 10ppl on the payroll considering the number of signal users) and management (CEO, CTO, CSO, VP), which will quickly add up to around 50.

Sorry I misframed it. I mean that since there’s no need to reveal phone numbers, there could be an opportunity for spammers to increase spam by creating many accounts, and Signal should preemptively find ways where such spams could be reduced. However, I realized after posting that the article says we still need to sign up to signal with a phone number. However, there’s still the risk of impersonation (by writing someones username with tiny changes) and people trying to add vulnerable users by username (which they might be using on other platforms) instead of phone number.

Makes sense!

I imagine unrestricted usernames would make spam easier than with phone numbers. I’m just hoping they have a way to control this.

About time! Hopefully they will find ways to reduce spam though.

Very promising technology! Good to see better-than-mixed review. Looking forward trying once it hits the shelf.

So it makes you IP less discoverable. However, if someone finds your IP randomly (through brute force), would you still be vulnerable? Or is it possible to only port forward to a static CF address so only CF can connect to you outside of your home network?

How is getting a domain protecting you IP? Wouldn’t your IP still be accessible even after you link it to a domain?