this post was submitted on 08 Jun 2024
244 points (89.4% liked)
Privacy
32046 readers
719 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yes there are a bunch of self-hosted options like frp, all of which require an endpoint on the internet somewhere, typically a cheap or even free VM. Here's a pretty comprehensive list:
https://github.com/anderspitman/awesome-tunneling
Thanks so much. Now I have another way to avoid my family this weekend ๐คฃ๐คฃ
Remember not to compromise security in favor of privacy. To me they're both important, but security wins every time.
Remember that services directly accessible over tunnels, whether from cloudflare or frp or ngrok or whatever, are directly accessible over the internet. So if any of those various self-hosted services have a remote vulnerability, and EVERYTHING does sooner or later, you will be exposed. This is why I personally WG VPN to my home LAN rather than exposing most of my stuff via any sort of tunnel. Tailscale is another option I often recommend.
I do use CF tunnels for specific purposes; Home Assistant Google Home integration for example, but I secure that via their "zero trust" authentication by validating incoming IP ranges, so only Google can reach the tunnel in the first place, everybody else is stopped by Cloudflare. For other services with human users, I have them authenticate via github or google oauth first. I also run all services accessible by the internet by any means on a restricted VLAN firewalled off from the rest of my LAN.
Agreed. I have a lot of homework to do before I even know which way to leap to.