  • While I don’t disagree with you about the potential of those alternatives, they won’t cut it for the average graphic designer… usually not due to the lack of features but most likely because of the network effects / dominant position that Adobe holds over their field. People who need to collaborate with others and are pressured to get stuff done can’t afford the slightest compatibility issue.



  • +1, this is poised to create issues and potentially ruin a few relationships.

    OP’s sister is used to Apple services and not even other paid cloud services come close to the level of integration Apple provides. “It just works” is a real thing inside the Apple ecosystem and anything the OP might get will be inferior and she will complain.

    On the day the service is down or something doesn’t work / some update breaks the sync or wtv she’ll just be there with an “entitled attitude” pressuring the OP to fix things.

    This is like one of those situations where you have a LOT of work setting up and managing something and people will never recognize the work, help, split the bill or be patient. People so expect tech to “just click a button” and everything just works and is free that they aren’t even able to understand the complexity of what’s behind it all and the amount of work that is required to get “a simple file sync” to work.




  • TCB13@lemmy.world to Privacy@lemmy.ml: Chat control is back on track.... again (1 month ago)

    > Telegram doesn’t use encryption. Everything is in clear text. Nobody needs a back door to get access. Not even governments. It’s all just out in the open

    This isn’t even true, Telegram isn’t IRC. Like any modern application, it uses SSL (encapsulated in MTProto) to protect connections. Govts will only have access if they manage to compromise those certificates, like your bank’s website.



  • TCB13@lemmy.world to Privacy@lemmy.ml: Chat control is back on track.... again (1 month ago)

    This has nothing to do with the ability for the company to see what users do, but with the fact that govts can order Signal and others to hand over user data, ban chats and whatnot while Telegram simply ignores requests like those.

    Govts aren’t pissed about the fact that Telegram might be an accessory to a crime, they’re pissed because they can’t compromise it. Do you remember the FBI vs Apple situation? They wanted backdoors / access to E2EE stuff and Apple was refusing to provide it and they went against one of the largest tech companies out there. Do you really believe that the US govt just went after Apple but wouldn’t go after a small company like Signal? This looks shady - almost like there’s a security vulnerability / backdoor in Signal they can use whenever they want.


  • TCB13@lemmy.world to Privacy@lemmy.ml: Chat control is back on track.... again (1 month ago)

    I agree with you, but just think about this:

    Signal, a truly secure messenger, will comply with data requests and will send the authorities everything they have about a user, which is really not that much to begin with.

    A govt asks Signal for info on a user, then Signal hands over a bunch of IP logs, metadata and a few encrypted messages that are still pending delivery or something on their servers.

    Do you remember the FBI vs Apple situation? They wanted backdoors / access to E2EE stuff and Apple was refusing to provide it and they went against one of the largest tech companies out there. Do you really believe that the US govt just went after Apple but wouldn’t go after a small company like Signal? This looks shady - almost like there’s a security vulnerability / backdoor in Signal they can use whenever they want.

    Why would they go after the “not E2EE” chat but not after the “unbreakable and private” one? Telegram delivers trust, users trust that they won’t share any info with govts. Signal only delivers a promise that their E2EE will be enough to make the information govts get useless.

    > This whole Telegram story is absolutely unrelated to chat control

    Chat control is exactly about baking backdoors and providing govts full access to chat logs etc. something that Telegram would never be okay with. They don’t even reply to govts’ requests most of the time, let alone be compromised at that level.


  • TCB13@lemmy.world to Privacy@lemmy.ml: Chat control is back on track.... again (1 month ago)

    > the answer from my perspective is quite simple. Noncompliance. If telegram had complied with local laws, like the others have and continue to do, he would not have gotten in trouble.

    Exactly, you’re getting there. Now let me ask something, if Facebook/Apple/Signal/Matrix comply with such laws how private are they? Those companies will happily censor chats and hand records to the govt, Telegram won’t.

    Now you can argue that they do hand info to the govts but it is all encrypted and whatnot… do you really trust there aren’t backdoors there? Or clever ways to get around it like what we saw with push notifications or macOS analytics?

    Govts are only after Telegram because they can’t infiltrate the company, ask for data etc. If Signal was really as secure and private as everyone says it is then their executives would already be in jail and whatnot for “enabling criminal activities”.








  • It depends on what you’re self-hosting and if you want / need it exposed to the Internet or not. When it comes to software, the hype is currently to set up a minimal Linux box (old computer, NAS, Raspberry Pi) and then install everything using Docker containers. I don’t like this Docker trend because it 1) leads you towards a dependence on proprietary repositories and 2) robs you of the experience of learning Linux (more here), but it does lower the bar to newcomers and lets you set up something really fast. In my opinion you should be very skeptical about everything that is “sold to the masses”; just go with a simple Debian system (command line only), SSH into it and install what you really need, take your time to learn Linux and whatnot.

    Strictly speaking about security: if we’re talking about LAN only, things are easy and you don’t have much to worry about as everything will be inside your network, thus protected by your router’s NAT/Firewall.

    For internet facing services your basic requirements are:

    • Some kind of domain / subdomain, paid or free;
    • Preferably a home ISP that provides public IP addresses - no CGNAT BS;
    • Ideally a static IP at home, but you can do just fine with a dynamic DNS service such as https://freedns.afraid.org/.

    Quick setup guide and checklist:

    1. Create your subdomain for the dynamic DNS service https://freedns.afraid.org/ and install the daemon on the server - will update your domain with your dynamic IP when it changes;
    2. List what ports you need remote access to;
    3. Isolate the server from your main network as much as possible. If possible have them on a different public IP either using a VLAN or better yet with an entire physical network just for that - avoids VLAN hopping attacks and DDoS attacks to the server that will also take your internet down;
    4. If you’re using VLANs then configure your switch properly. Decent switches allow you to restrict the WebUI to a certain VLAN / physical port - this will make sure if your server is hacked they won’t be able to access the Switch’s UI and reconfigure their own port to access the entire network. Note that cheap TP-Link switches usually don’t have a way to specify this;
    5. Configure your ISP router to assign a static local IP to the server and port forward what’s supposed to be exposed to the internet to the server;
    6. Only expose required services (nginx, game server, program x) to the Internet. Everything else such as SSH, configuration interfaces and whatnot can be moved to another private network and/or a WireGuard VPN you can connect to when you want to manage the server;
    7. Use custom ports with 5 digits for everything - something like 23901 (up to 65535) to make your service(s) harder to find;
    8. Disable IPv6? Might be easier than dealing with a dual stack firewall and/or other complexities;
    9. Use nftables / iptables / another firewall and set it to drop everything but those ports you need for services and management VPN access to work - 10 minute guide;
    10. Configure nftables to only allow traffic coming from public IP addresses (IPs outside your home network IP / VPN range) to the Wireguard or required services port - this will protect your server if by some mistake the router starts forwarding more traffic from the internet to the server than it should;
    11. Configure nftables to restrict what countries are allowed to access your server. Most likely you only need to allow incoming connections from your country; more details here.

    Realistically speaking, if you’re doing this just for a few friends why not require them to access the server through WireGuard VPN? This will reduce the risk a LOT and probably won’t impact the performance. Here’s a decent setup guide and you might use this GUI to add/remove clients easily.

    Don’t be afraid to expose the WireGuard port because if someone tries to connect and they don’t authenticate with the right key the server will silently drop the packets.

    Now if your ISP doesn’t provide you with a public IP / port forwarding abilities you may want to read this in order to find why you should avoid Cloudflare tunnels and how to set up an alternative / more private solution.
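
A minimal nftables ruleset covering checklist steps 6, 9 and 10 above, added here as an illustration and not taken from the comment or its linked guides. The interface names (`eth0`, `wg0`), the WireGuard port 51820, the VPN range 10.8.0.0/24 and the reuse of port 23901 as the single exposed service are assumptions to adapt; the country filtering from step 11 is not included.

```nftables
#!/usr/sbin/nft -f
# Added example. All names and values below are assumed placeholders.
flush ruleset

define WAN_IF   = "eth0"          # interface facing the ISP router
define WG_IF    = "wg0"           # WireGuard management interface
define WG_PORT  = 51820           # WireGuard listen port (udp)
define SVC_PORT = 23901           # the one service exposed to the internet (tcp)
define VPN_NET  = 10.8.0.0/24     # addresses handed to VPN clients
define PRIVATE_NETS = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

table inet filter {
    chain input {
        # Step 9: drop everything that is not explicitly allowed.
        # No IPv6 accept rules exist, so inbound IPv6 is dropped by policy.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state invalid drop
        # Replies to our own traffic, including related ICMP errors
        ct state established,related accept

        # Step 10: on the WAN side, only sources outside the private ranges
        # may reach WireGuard and the exposed service. If the router starts
        # forwarding LAN traffic by mistake, it still ends up dropped.
        iifname $WAN_IF ip saddr != $PRIVATE_NETS udp dport $WG_PORT accept
        iifname $WAN_IF ip saddr != $PRIVATE_NETS tcp dport $SVC_PORT accept

        # Step 6: SSH is reachable only from VPN clients over the tunnel
        iifname $WG_IF ip saddr $VPN_NET tcp dport 22 accept

        # Rate-limited log of what the policy is about to drop
        limit rate 5/minute log prefix "nft-input-drop: "
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Validate the file with `nft -c -f <file>` before loading it, and apply it from a console or an already established session so that a mistake in the SSH rule does not lock you out.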