• 5 Posts
  • 60 Comments
Joined 1 year ago
Cake day: June 15th, 2023

  • I indeed have a domain name pointing to the VPS IP, with Caddy managing TLS. Other apps are exposed this way, and I will do the same for the qBittorrent WebUI as well. I like having Caddy as a single gateway where I can apply security configs and monitor all traffic. I was hoping I would be able to pass torrent traffic through it as well, but everybody seems very much against it.

    I already have WireGuard set up as you describe, so I guess I’ll just give up on passing torrent traffic through the proxies and just open a localhost port on the qBittorrent container…


  • andscape@feddit.it (OP) to Selfhosted@lemmy.world: Proxying torrent traffic to homeserver
    English · 1 up, 2 down · 2 months ago

    Resetting the “time since last being told I don’t know shit on the internet” back to 0 once again…

    I already have an existing and working setup used for other apps; it’s close to the one described in this blogpost. Yes, it’s complicated and inefficient, but it has reasons to be. I want to keep my qBittorrent configuration as close to this setup as reasonably possible for consistency. If your point is that it’s counterproductive to follow this setup then… fair enough. I can just route traffic from the VPS to an exposed port on the local qBittorrent container over WireGuard, but that wasn’t my preferred solution.

    “Running a torrent client through a proxy doesn’t isolate a process.”

    I was talking about network isolation, not process isolation.

    “make sure your traffic is routing there properly”

    That was pretty much what I was asking for help with.




  • I’m guessing what you mean is setting up port forwarding in WireGuard…

    The thing is, ideally I would want all connections in and out of my homeserver’s Docker network to go through the local Caddy proxy, so the app containers are isolated. That still means having at least the local Caddy acting as a TCP proxy, even if the VPS Caddy is bypassed. If that’s too much of a hassle though, I can instead just expose a port on the qBittorrent container directly to the homeserver’s localhost, and forward that with WireGuard to the VPS.



  • Wild ass comment.

    “Unless you really really need portability between devices”

    Who doesn’t??? What do you do, copy 20-char randomly generated passwords manually all the time? That’s the whole point of password managers…

    “I use firefox’s local, inbuilt manager”

    Browsers are NOT a secure storage for sensitive data. If you want a local password manager, at least please use KeePassXC.


  • The thing that pisses me off the most is that they are disingenuous almost to the point of lying in interpreting that survey’s results. They say that 75% of users are interested in GenAI, when actually what they asked is whether people have used any GenAI at all in the recent past. And that still doesn’t mean they want GenAI in Proton. That’s a pretty significant sleight of hand. The more relevant question would have been the first one on what service people want the most. In that case only 29% asked for a writing assistant, which is still not the same thing as a full LLM. The most likely answer to “how many Proton customers want an LLM in Proton Mail” seems to be “few”.


  • This is old drama at this point. I’ll repeat what’s been said the previous times this was posted.

    Proton did what they were legally required to do in the jurisdiction where they operate as a legitimate business. As an encrypted email provider they offer privacy but not necessarily anonymity, and they’re open about that. They even have multiple blogposts about how to use their service more anonymously. If you thought that by using ProtonMail you were getting full anonymity that’s your mistake.

    In both the cases mentioned the users made OpSec mistakes: not using a VPN in one and linking their personal Apple email as a recovery email in the other. In the first case Proton wasn’t even logging the user’s IP until the police forced them to.


  • Thank you for the links, I had found a few of these but some are new. The basic idea is there, I’ll see if any of these can work for us. I’m growing more convinced though that hosting a whole app for this super simple use case might not be worth it; I think we might pivot to just hosting a really basic static page for it.


  • This is way too overkill for what we need. I’m sorry, I’ve been intentionally vague about the context for this but I guess it’s too unclear. We’re an activist group planning a protest. We might have to get this set up literally tomorrow and every penny comes out of (mostly my) pocket. We’re also all paranoid about opsec and anonymity, which is why the requirement about avoiding corporate services is there. Perhaps I should have posted this in a privacy focused comm instead, I apologize.






  • They’re insufferable commies who keep attacking other parts of the Fediverse by… uh… commenting on posts and… ehm… responding aggressively to bigoted content. They’ve got all these sick ass stickers that we don’t and they keep flexing them in our replies which drives me crazy.

    Their instance is an authoritarian dystopia where queer people feel safe and they don’t waste time debating the same wrong liberal talking points every time. Also you can just call someone a dumbass if you disagree with them: a totalitarian nightmare.

    Worst of all they go around straight up bullying other Fediverse users: right now I’m locked in a bathroom stall that a Hexbear user shoved me into. I’ve been here for an hour missing my maths class, and I’ve had to drink the toilet water. My tummy is starting to hurt. Stay away from Hexbear users…




  • andscape@feddit.it (OP) to Lemmy@lemmy.ml: Instance blocks and Threads
    English · 2 up · 11 months ago

    Other people in that thread have pointed out that it isn’t showing posts being delivered to Threads despite the block. That should be testable with other instances, but not Threads since it’s not receiving any content from Mastodon at the moment. The concerning thing there is the user still being able to view content from people they’ve blocked, but that seems to be a bug if it’s reproducible.


  • andscape@feddit.it (OP) to Lemmy@lemmy.ml: Instance blocks and Threads
    English · 6 up · 11 months ago

    In the EU companies can’t scrape personally identifiable information without consent, even if it’s already publicly available. IANAL, and there’s probably ways they can sneak around the GDPR, but at least it’s not a free for all. It’s unclear though how it works for federation. It’s definitely not the same legally though.


  • andscape@feddit.it (OP) to Lemmy@lemmy.ml: Instance blocks and Threads
    English · 6 up, 2 down · 11 months ago

    The reason for not directly federating content to Threads isn’t so nobody there can ever see my amazing posts, it’s so Meta can’t easily profile me. Scraping public posts on a different platform would probably be illegal, at least in the EU, and reposts don’t give them a lot of data about me. Federating content, however, would give them most of the same data that Mastodon has on me without even having to ask.


  • andscape@feddit.it (OP) to Lemmy@lemmy.ml: Instance blocks and Threads
    English · 4 up · edited · 11 months ago

    This post from Eugen Rochko mentions that blocking Threads at the user level “stops your posts from being delivered to or fetched by Threads”. Basically, the user-level instance block is bidirectional.

    Limited federation mode is a different feature, at the admin level. It doesn’t really affect the delivery of posts in either direction, it just hides the blocked instance’s content from the global feed. Defederation on the other hand is indeed bidirectional, but again it’s on the admin level rather than users’.