rhymepurple

I did not watch the mentioned video so I am not sure if what I am about to mention is discussed there or not. Also, sorry for the really long reply!

I am not aware of any available truly privacy respecting, modern cars. However, assuming theat you obtain one or you can do things like physically disconnect/remove all wireless connectivity from the car to make it as private/secure as possible, there still is little you can do to be truly anonymous.

Your car likely has a VIN and license plate as well as a vehicle registration. Assuming you legally obtained the vehicle and did not take any preventative measures prior to purchasing the car, those pieces of information will be tied back to you and your home address (or at least someone closely connected to you). You would need to initially obtain the vehicle via a compsy/LLC/partnership/etc. as the owner/renter/leasee of the vehicle and an address not associated to you. Additionally, you would need to find some means of avoiding or limiting the additional information connected to you that is likely required to obtain the vehicle like car insurance and your drivers license.

Additionally, any work that certain mechanics perform may be shared (either directly or indirectly) with data brokers - even just routine maintenance like an oil change or alignment. Hopefully you didn't use your credit card, loyalty rewards program, etc. when you had any work done!

There is also CCTV, security cameras, and other video recorders that are nearly impossible to avoid. Given enough time/resources and maybe a little bit of information, your car could be tracked from its origin to destination locations. This location history can be used to identify you as the owner (or at least driver/passenger) of the car. Unless your car never leaves your garage, you can almost guarantee that your car is on some Ring camera, street camera, etc.

Furthermore, anything special or different about your car (custom decal, unusual window tinting, funny bumper sticker, uncommon color for the car, uncommon trim/package for the car, dented bumper, fancy rims, replaced tires, specific location of toll reader placement on the windshield, something hanging from your rear mirror, etc.) all help identify your car. The make/model and year of your car can also be used to identify your car if its not a common car in the area. These identifiers can be used to help track your car via the video feeds mentioned above.

Then there are license plate readers which are only slightly easier to avoid than the video recordings. Permanent, stationary license plate readers can be found on various public roads and parking lots. There are also people who drive around with license plate readers as part of their job for insurance/repossession purposes. You may be able to use some sort of cover over your license plate(s) to hinder the ability of license plate readers to capture your plate number, but that could be used to help identify your car in video feeds/recordings.

Its really hard to tell from a technical perspective, especially without having closely monitored all of your digital activity (and those that you have been in close contact with) in the days/weeks leading up receiving the ads. Some things that Meta could have done (in varying degrees of realism) include:

• read anything you downloaded from your Matrix client, like file attachments
• read your notifications if they contain any contents of the conversation
• read your clipboard if you copy/pasted anything into/out of a Matrix client
• actively participating in the room and associated your Matrix ID to your Meta account(s)
• scraped the contents of the room if it is public and unencrypted
• others in the Matrix room saved your Matrix ID in your contact information within their contacts
• Meta is recording your screen outside of Meta's apps
• a Meta library is used in another app/service on your device that is sharing information back to Meta
• read an attachment that you downloaded elsewhere then shared on Matrix
• Meta read screenshots you or others took of the conversation
• Meta has a back door in the Matrix server or client software used
• the administrators of your Matrix home server (or the administrors of any other home server in the room) are sharing non-encrypted information to Meta to offset hosting costs
• Meta is running a home server of a user in the room
• you or someone you are associated with clicked on a link shared in the Matrix room that contained a tracker or led to a site that contained a tracker

Its really hard to comprehensively and conclusively avoid all "spying" that Meta/Instagram could do to you. The best thing that you could do is something that many people aren't capable or willing to do - not install any Meta software, don't use any Meta services, block any Meta IP addresses and/or domain names, and advocate that those around you do the same.

Realistically, the best advice that youre going to get has already been said. Use the web browser instead of the app as much as possible, ideally in a different browser and/or user profile. If you must have the app installed, keep it in a separate profile and kill the app and/or profile whenever it is not in use. Review all of your security and privacy settings in all Meta apps. Review any apps/services you allowed Meta to connect to/from (and the security/privacy settings of those apps). Reduce the amount of information that you enter/share on Meta platforms. Review the other users that you are connected with on Meta's platforms.

I did not know about autolinks - thanks for the link!

It is interesting how different parsers handle this exact situation. I usually am cautious about it because I typically am not sure how it will be handled if I am not explicit with the URL and additional text.

I'm curious about this. The source text of your comment appears that your comment was just the URL with no markdown. For your comment about a markdown parsing bug to be true, shouldn't the URL have been written in markdown with []() notation (or a space between the URL and the period) since a period is a valid URL character? For example, instead of typing https://google.github.io/styleguide/cppguide.html., should [https://google.github.io/styleguide/cppguide.html.](https://google.github.io/styleguide/cppguide.html) have been typed?

Yes, I am using PersistentVolumes. I have played around with different tools that have backup/snapshot abilities, but I haven't seen a way to integrate that functionality with a CD tool. I'm sure if I spent enough time working through things, I may be able to put together something that allows the CD tool to take a snapshot. However, I think that having it handle rollbacks would be a bit too much for me to handle without assistance.

Thanks for the reply! I am currently looking to do this for a Kubernetes cluster running various services to more reliably (and frequently) perform upgrades with automated rollbacks when necessary. At some point in the future, it may include services I am developing, but at the moment that is not the intended use case.

I am not currently familiar enough with the CI/CD pipeline (currently Renovatebot and ArgoCD) to reliably accomplish automated rollbacks, but I believe I can get everything working with the exception of rolling back a data backup (especially for upgrades that contain backwards incompatible database changes). In terms of storage, I am open to using various selfhosted services/platforms even if it means drastically changing the setup (eg - moving from TrueNAS to Longhorn, moving from Ceph to Proxmox, etc.) if it means I can accomplish this without a noticeable performance degradation to any of the services.

I understand that it can be challenging (or maybe impossible) to reliably generate backups while the services are running. I also understand that the best way to do this for databases would be to stop the service and perform a database dump. However, I'm not too concerned with losing <10 seconds of data (or however long the backup jobs take) if the backups can be performed in a way that does not result in corrupted data. Realistically, the most common use cases for the rollbacks would be invalid Kubernetes resources/application configuration as a result of the upgrade or the removal/change of a feature that I depend on.

There are several proprietary options (many/most of which you cannot host). Looking for Amazon Wishlist alternatives should help in putting together a list of potential options. Some additional projects which are open source and selfhostable that you could also start with include:

• Christmas-Community
• Gifthunter
• Listidge
• Listslist
• PHP Gift Registry
• Pønskelisten
• Wishlist App

Everything I mentioned works for LAN services as long as you have a domain name. You shouldn't even need to point the domain name to any IP addresses to get it working. As long as you use a domain registrar that respects your privacy appropriately, you should be able to set things up with a good amount of privacy.

Yes, you can do wildcard certificates through Let's Encrypt. If you use one of the reverse proxies I mentioned, the reverse proxy will create the wildcard certificates and maintain them for you. However, you will likely need to use a DNS challenge. Doing so isn't necessarily difficult. You will likely need to generate an API key or something similar at the domain registrar or DNS service you're using. The process will likely vary depending on what DNS service/company you are using.

Congrats on getting everything working - it looks great!

One piece of (unprovoked, potentially unwanted) advice is to setup SSL. I know you're running your services behind Wireguard so there isn't too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you're more likely to run into issues with services not running on HTTPS.

The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (ie people won't know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).

Raspberry Pi + PiHole + PiVPN = Network Gateway Drug

Although, PiVPN is winding down so you might want to find something different instead. Setting up a regular Wireguard VPN isn't so bad, but it may be simpler to setup a Tailscale Tailnet.

I was looking for a free opensource sharing plateform first

What type of sharing platform are you looking for? A git repo? A single file sharing service? A code/text snippet sharing service? Something else?

There are many options available. Some have free, public instances available for use. Others require you to self host the service. Regardless, you're not stuck using Github just to share your user.js file.

the only sites I give permenant cookie exception are my selfhosted services

This is what I was referring to. How are you accomplishing this?

I'm still looking for the switches to block all new requests asking to access microphone, location, notification

I can't help with this at the moment, but if you're still struggling with this I can provide the lines required to disable these items. However, I don't know how to do this with exceptions (ie allowing your self hosted sites to use that functionality, but block all other sites). At minimum though you could require Firefox to ask you every time a site wants to use something. This may get repetitive for things like your self hosted sites if you have everything clearing when you exit Firefox.