Roles in authentik are for permissions in authentik. You want a group instead. Group memberships are send via OIDC.

Been working with Linux every day for over a decade at my job. At home I run the most boring generic shit.

Check out EFF cover your tracks: https://coveryourtracks.eff.org/

The results are very interesting. For me, the most unique thing about my browser was that I had two system languages, and so the accept-language header was very unique.

I now use vanadium (graphene OS), which simply sends made up values for a lot of headers, and so makes fingerprinting harder.

In general, you should try to be as “normal” as possible, use standard settings for everything, just accept English, etc…

I would put truenas on the NAS, also put a VM on truenas with 16-24G of RAM.

Create a kubernetes or docker swarm cluster with server 1 and the nas vm and just have everything as containers. This way you just have one resource pool, and the containers will be started wherever there are enough resources available. The containers will mount NFS shares from truenas which truenas will create automatically as ZFS datasets. ZFS supports snapshots.

This is probably the way, because a traditional “mail server” is actually 4-5 different servers working together.

• postfix for SMTP
• dovecot for IMAP
• amavis to plug in…
• spamassassin as anti spam
• clam-av as antivirus

And they can all be very easily misconfigured to break everything completely. Great learning experience though.

GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).

But not paying for it almost guarantees it.

No I’ve never seen this. Usually they send you an email to the admin address of the domain with the code.

Ultrasonic cleaner with isopropanol solution.

Its always encrypted, just that the keys are in RAM when it runs.

In case of graphene though you can have a distress pin that wipes the encryption keys, making the phones content irrecoverable.

I’m not sure, I got a used Pixel so I can use graphene.

It exists and is called graphene OS. It is primarily focused on privacy and security though and as such only supports google pixels since they have both good hardware security and fast security patches. Most others fail at one of the two.

Otherwise you could install calyx OS.

I’m using it and never going back.

It’s not just the privacy aspect, but the fact that most results in other search engines suck. The first two pages would usually be ads - first the bought ones, then company websites and copywritten blogs. I get that way less with kagi. I find useful stuff faster and my brain is less polluted.

Jokes on you, using AI I got that time down to 4 hours trying to convince it to create working code, and 3 hours of debugging.

Related: https://timsh.org/tracking-myself-down-through-in-app-ads/

Unity games on mobile send your location to Unity servers every couple seconds through the Unity ad network.

Things you can do:

• GDPR Request to Unity
• use a DNS that blocks trackers, like mullvad

And then install graphene OS

Nextcloud has collabora integrated.

I would put this stuff behind VPN.

Seems weird to me, the router would need to do deep packet inspection of DNS and selectively block specific ones. It feels more like you’ve set up your DNS to do forwarding instead of resolution. Can you post a network diagram and the DNS config?

Do tcpdump host $server instead. Otherwise you will only see the request (the response goes to a different port).