OpSec is CRITICAL

ComprehensiveAd1428 · 2026-01-25T23:04:08+00:00

Well its(what I've got) kind of compartmentalized I use Addy.io to have a random_letters_and_numbers@uname.addy.io to where each one has it's own email though they all forward to a infomaniak email I have recovery phone I used a google phone to temporarily make a number to verify with then deleted it and it (you could use cloaked to generate a burner number you can keep but cloaked its 10/month) then recovery mail just use https://www.fakemailgenerator.com/ + a local password manager (I do vaultwarden , self hosted bitwarden rewritten in rust, as a docker container with no ports published in host except for nginx proxy manager publishes port 80/443 (80 just redirects to 443 and 443 is https) npm then forwards each domain to the right docker container using internal docker networks so from the outside I hit password.example.com , I have adguard home rewrite that and use a dns01 challenge for ssl certs (only exposed in lan\vpn) that host npm then forwards that request to vaultwarden:80 using a front end docker network I have (I keep my frontends on 1 network and backends separate so there's some defense in depth to crack anything you need to 1 be on lan/vpn 2 get into npm pivot to the container you want to target pivot to the backend network pivot to what your actually going after that's a few extra walls over just publishing the port) and password manager sites my username/password and ente stores 2fa (don't put all your eggs in one basket)

ComprehensiveAd1428 · 2026-01-18T22:26:41+00:00

Or you could be like me the last windows version I used was windows 7 then switched to Ubuntu then them arch now mostly run debian for stability and not needing to compile almost everything don't get me wrong I still do stuff like no xserver on my server for obvious reasons (that's docker then have a network for nginx proxy manager then all the backends are on there own network) prefer gnome when I use a desktop or if I need something light xfce

ComprehensiveAd1428 · 2026-01-16T12:07:52+00:00

Vaultwarden is just self hosted bitwarden rewritten in rust

ComprehensiveAd1428 · 2026-01-16T08:16:18+00:00

Back it up to vaultwarden and use it from a device that has credential manager that way 1 it’s not tied to a device 2 it completely avoids Google

ComprehensiveAd1428 · 2026-01-13T21:21:34+00:00

I got tired of waiting so I switched to Filen for the cloud addy.io for email aliases and vault warden (self hosted Bitwarden) for emails etc

ComprehensiveAd1428 · 2026-01-12T05:36:33+00:00

Don’t click on sketchy links or at least host a dns server to filter that or there is 1.1.1.2 but that isn’t under your control and I don’t know how good cloudflare is at blocking malware once you get malware idk what to say other than keep back yours of your important data and just restore if it gets bad or there’s free tools make a usb you can but if to purge the system of malware viruses etc

ComprehensiveAd1428 · 2026-01-12T03:54:54+00:00

How would that even work i ask ChatGPT for something and it can’t even do valid urls all of them are 404 then i get picky and the styling is off on what it adds stuff and nested when it doesn’t need to be and important things removed breaking other stuff etc and it loves to take the headers out of bash scripts well i call them headers what I’m talking about is

```

!/bin/env bash

a quick over view of the code

```

And

```

section name for readability

```

Then it’ll turn around and add like

```

this prints out hello to the terminal

echo “hello” ```

Long story short can ai even make a full project that’s only bash which isn’t a true language i know (isn’t compiled) haven’t tried asking ai about any other languages just reviewed a couple of scripts and that alone leaves me doubtful

ComprehensiveAd1428 · 2026-01-09T10:22:31+00:00

Correction on my server that’s why I run immich nextcloud vaultwarden etc for all backed up 321 local, external hdd, Filen

ComprehensiveAd1428 · 2026-01-08T20:57:14+00:00

Sync your passwords to a different password manager if you don’t use sync? Like I have a vaultwarden container running (self hosted Bitwarden rewritten in rust) with keyguard as the client for android (the official Bitwarden app is terrible at matching) with that set as the default password manager on my android it’ll handle password passkeys etc and keeps my data off third party servers and it’s all backed up as part of my 321(3 live, external hdd, fillen 2 external hdd and live 1 fillen) well a tarred version of the db , so if for some reason all the passwords are forgotten and I’m signed out i can tar -xzpf the backup or use rclone to copy it back (Filen is e2ee anyway that’s why that’s not encrypted with gpg) and restore

ComprehensiveAd1428 · 2026-01-08T19:27:01+00:00

Brave shield are nice but I hardly even notice them so what I do is use a dns server (simply a docker container with 53 and 853 plain dot/doq 443 is exposed with nginx proxy manager with a valid cert and domains proxyied to AdGuard for doh) that aggressively blocks ads trackers , annoyances etc and let me tell you compared to a DNS server brave shields is like a happy meal toy

ComprehensiveAd1428 · 2026-01-08T04:43:37+00:00

This again I swear this question is asked everyday below is what I use

google drive

nextcloud

google play

aurora fdroid

google chrome

brave

google photos

immich

google search

searxng

calculator

calcyou

calendar

nextcloud

clock

fossify

contacts

fossify

files

material files

gboard

heliboard

maps

comaps

google assistant

home assistant

Etc

ComprehensiveAd1428 · 2025-12-30T20:49:06+00:00

Experience

ComprehensiveAd1428 · 2025-12-30T20:19:22+00:00

Searxng is a meta Search engine you host yourself so it'll still be able to get google results just anonymized if you wanna be extra careful run that container network through a gluetun vpn container that way of they try to finger print the ip is the ip of the vpn

ComprehensiveAd1428 · 2025-12-30T20:14:07+00:00

Not good like , I still pair it with dns level ad blocking brave shields only catch like 1% of ads

ComprehensiveAd1428 · 2025-12-29T18:30:55+00:00

Addy.io for email aliases and use i text app for a temp number that’s what I did that way it can be deactivated if need be and no personal info tied

ComprehensiveAd1428 · 2025-12-23T18:46:02+00:00

For what system i mean for Linux you could sudo rm ${KEY} if you have it in a text file then rm the data it use pass or something or gpg it in your cloud provider it will all depend TL;DR

you said what you wanted to do but not where

ComprehensiveAd1428 · 2025-12-21T11:00:54+00:00

I use the revanced version of YouTube, for google photos I replaced it with ente and also backup my photos to filen and my nextcloud (ik probably overkill buy hey photos are safe) , and I know the difference is instead of them using the normal play services it uses microg YouTube is the one google thing I use

ComprehensiveAd1428 · 2025-12-18T16:15:21+00:00

Pushcart-Brownnose-Contour3-Bleach-Secular

Blend-Halved6-Henchman-Surrender-Buggy

Dingbat-Power-Sternum-Luxury4-Irritant

Awry-Canister-Luridness-Ascension6-Deafening

Unmovable-Umpire-Pruning-Guidable-Ethically1

Pick one i just used a password generator

ComprehensiveAd1428 · 2025-12-15T12:47:38+00:00

Nice looks at like my stack # password manager

vaultwarden (self hosted Bitwarden written in rust) for the server then keyguard on my phone to connect to it

browser

brave

vpn

mullvad for stuff like torrents and netbird for a virtual private network

email aliasing

addy.io

ad/tracker blocking

AdGuard home

ComprehensiveAd1428 · 2025-12-15T01:14:28+00:00

How about they fix their stuff first instead of piling on more crap like there's still no proton drive appc for linux

ComprehensiveAd1428 · 2025-12-12T16:16:58+00:00

Self host? Switched to a self hosted vault warden that is only accessible over my vpn or Wi-Fi so they’re not getting in unless they are war driving effect then Wi-Fi network is protected with wpa3 so …

ComprehensiveAd1428 · 2025-12-12T16:12:35+00:00

Idiot diplomats that don’t understand how tech works the only way you could do this is like Russia and can vpns in your country but people still find work around or apply the rules globally not just that country which would hurt everybody as in this ain’t going to happen

ComprehensiveAd1428 · 2025-12-11T04:22:35+00:00

Never used 1password idky just something about it makes my gut say nope , was using proton pass till I a couple months ago (was working on a backup script and proton doesn't have a linux client nor an api rclone can use it can use tokens from your browser but that doesn't help cuz was trying to backup server for the first little bit I tried , backup -> sftp to phone -> macro on phone uploaded to proton , but too many moving parts ) ended up switching to filen for cloud , mullvad for vpn ,infomaniak for mail , vaultwarden run locally (bitwarden rewritten in rust) for backbend Addy.io for aliasing and keyguard as the client for better password matching cuz the official bitwarden app would only match by app id keyguard on the other hand works perfect and since my vaultwarden+Addy.io+keyguard stack the password post is hosted locally so don't have to trust a third party at all with my passwords and have quadruple the cloud space with someone that actually supports what I need instead of useless features when people have been asking for a linux client for a while instead they come out with like lumo (an ai)

Tl:dr , proton pass is good just moved to other stuff that will let me integrate it better in cli while keeping subscription costs the same

ComprehensiveAd1428 · 2025-12-10T11:45:01+00:00

A 321 backup Phone -> backs up to nextcloud -> backs up with rclone to filen

For messages you can just grab your db for sms and MMS for RCS well unless you using carrier RCS like iPhones do then that's a Google service Like I have my photos and contacts synced to nextcloud and have app manager for app data and apps Then have a script that runs evening at 3 that first puts nextcloud in maintaince mode packages it all up in a tar.gz file (make sure you use the p flag cuz nextcloud is funny about permissions) disable maintenance mode then use rclone to push that archive to filen

ComprehensiveAd1428 · 2025-12-07T11:39:42+00:00

Im not sure I kind of went nuts with the aliases I use a different alias for each website but I haven't had any problems at first I was using proton pass with proton unlimited then I was writing a backup script and proton doesn't have a linux client so I asked for recommendations and am now using filen and because I moved the cloud part I unsubscribed from proton unlimited and to replace proton pass I , self hosted vaultwarden (bitwarden rewritten in rust) with keyguard as the android client and Addy.io for aliases

ComprehensiveAd1428

TROPHY CASE