Murkhat

Not really local but selfhosted: Nextcloud + memories

I trust sonarr and radarr to disable telemetry via the options, so I don't think you have any benefits from putting them behind VPN. All download clients ofc make sense

I could imagine google also gets some sort of snapshots to mitigate the risk that after their announcement everyone deletes/modifies their content.. But who knows.

I would suggest to write a Python script together with https://pypi.org/project/Faker/ - might not be the noob-friendliest, but also not too hard to do

Search all files for "http" and check how the URL is utilized, maybe you can comment out those Funktion calls

Is it really safer? I mean when trying to bruteforce a password, one would have to make a guess whether it's a passphrase or not. But if you decided to check for pass phrases, wouldn't the one you posted be cracked in 5 times the amount of words in that dictionary? I'm not sure how large the vocabularies of the generators are, but I would guess a random 17 char password might be safer than a 5 phrases password?