nutbutter 3 weeks ago • 73%
I am using Signal on two android phones, one android tablet and a linux PC. What do you mean it cannot work on multiple devices?
nutbutter 3 weeks ago • 95%
this is already happening in India. operators click photos, use biometric to verify government ID, before giving the user a SIM.
nutbutter 3 weeks ago • 100%
You can Nextcloud hosting from a reputed provider like Hetzner. install the maps plugin and you'll be able to share location with users. Since you'll be the admin, you can make as many accounts as you want.
nutbutter 1 month ago • 100%
Finish Crysis 2 and start Crysis 3.
nutbutter 1 month ago • 100%
Did you all know that there have been 5 mass extinction events till today?
nutbutter 1 month ago • 66%
I have tried to install Canon LBP2900B drivers a thousand times. It does not work on any distribution. I have to use a windows VM.
nutbutter 1 month ago • 100%
Films and shows, via Jellyfin.
nutbutter 1 month ago • 100%
No, they are not in RAID either.
nutbutter 1 month ago • 100%
The boot drive is an SSD, which is not in any RAID. I have another HDD connected via SATA. Another HDD connected via USB.
nutbutter 1 month ago • 100%
I did reset it. It did not help. I ran memtest86 for over 2 hours and did a CPU stress test for over 15 hours. Nothing crashed during the testing.
nutbutter 1 month ago • 100%
I cleaned everything and reapplied the thermal paste. That did not solve the problem. Also, the CPU is only of 35 watts and never goes over 55°C.
nutbutter 1 month ago • 100%
I cleaned everything and reapplied the thermal paste. That did not solve the problem. Also, the CPU is only of 35 watts and never goes over 55°C.
nutbutter 1 month ago • 100%
You can use universal android debloater to remove not only bloat but core google services as well, including google play services amd play store. Then solely rely on f-droid, obtainium etc.
You will have to use the advanced settings of UAD, amd you might have to do some tries, because removing anything important will make you reset your device.
nutbutter 1 month ago • 100%
I just ran it. It took over 2 hours to finish. Showed no errors. Is there a benefit of running it for a few days?
nutbutter 1 month ago • 100%
I'll have what he's having.
nutbutter 1 month ago • 100%
Of course. GPT by OpenAI is completely closed source.
I bought an Optiplex 5040, with an [i5-6500TE](https://ark.intel.com/content/www/us/en/ark/products/88186/intel-core-i5-6500te-processor-6m-cache-up-to-3-30-ghz.html), and 8 GB DDR3L RAM. When I bought it, I installed Fedora Server on it. It got stuck every few days but I could never see the error. The services just stopped working, I couldn't ssh into it, and connecting it to a monitor showed a black screen. So, I thought let's install Ubuntu Server, maybe Fedora isn't compatible with all of its hardware. The same thing is happening, now, but I can see this error. Even when there's nothing installed on it, no containers, nothing other than base packages, this happens. I have updated the bios. I have tried setting `nouveau.modeset=0` in the grub config file. I have tried disabling and enabling c-states. No luck till now. Would really appreciate if anyone helps me with this. UPDATE: - I cleaned everything and reapplied the thermal paste. I did not see any change in the thermals. It never goes over 55°C even under full load. - I reset the motherboard by removing that jumper thing. - I ran `memtest86`, which took over 2½ hours. It did not show any errors. - I ran a CPU stress test for over 15 hours, and nothing crashed. - I also ran the Dell's diagnostic tool, available in the boot menu of the motherboard. The whole test took over 2 hours but did not show any errors. It tested the memory, CPU, fans, storage drives, etc.
nutbutter 2 months ago • 100%
There is an Indian TV series (Amazon Prime Original), named Breathe. A father starts killing people who have been listed as organ donors, one by one, until his son gets new lungs.
nutbutter 3 months ago • 100%
I use Fedora Server with Podman (instead of Docker). I am not a noob either, but cockpit provides a really useful GUI for managing the whole operating system.
nutbutter 3 months ago • 100%
I highly recommend using PeerTube instead of YouTube.
For voice, I recommend using something Ardour or LMMS to mask your real voice with some filters.
nutbutter 3 months ago • 100%
I recommend using WebM container with VP9 codec instead of GIF if you are exporting it for web. It even supports alpha.
nutbutter 3 months ago • 100%
nutbutter 3 months ago • 100%
Handbrake is great. But I would also recommend using Kdenlive. It is a video editor but if you just open your video in it and just export the project, you will get some good output format options.
nutbutter 3 months ago • 100%
Yes, known as Duress password.
nutbutter 3 months ago • 100%
I have created a blog post about how to bypass CGNAT for self-hosting. I have also written a little bit aboit how Cloudflare works.
nutbutter 4 months ago • 100%
I am assuming your system is updated. What is the output of xrandr
?
Also, have you tried logging in to an Xorg session, and then changing the refresh rate?
nutbutter 4 months ago • 100%
6th gen's integrated GPU cannot decode HEVC.
nutbutter 4 months ago • 100%
My optiplex with i5-6500TE can transcode 4K videos easily if the codec is AVC. HEVC is different story though. Any CPU newer than 10th generation would be more than enough for your needs, I'd say.
nutbutter 4 months ago • 28%
Source of the last point?
nutbutter 4 months ago • 100%
Use Proxigram. It works, most of the times.
nutbutter 5 months ago • 100%
I am not really into development. I just really like the idea of having a smart watch.
nutbutter 5 months ago • 100%
Again, no shipping options to my country.
I live in India, how can get one? Any secure way of using a proxy address, which is also trusted. I really, really want a smart watch, but I do not want to buy a typical one, due to privacy reasons. I use Lineage OS. Do I have any other options? Like using a smart watch without connecting it to my phone or internet at all? Using Asteroid OS and Bangle.js isn't an option for me, I have tried a lot to find a compatible watch with no luck at all.
nutbutter 5 months ago • 100%
Muwahahahaha.
nutbutter 5 months ago • 100%
Not sure. Will have to try it out.
nutbutter 5 months ago • 100%
GIMP is very different, but Krita is quite similar. Pretty sure you won't miss much. However, I am not an advanced user, so, I cannot say for certain. Also, some shortcuts are different. But do try Krita. It is awesome.
nutbutter 5 months ago • 100%
What about Fedora users?
My current setup is an old MacBook woth 2 external HDDs, and I am almost happy with it, for now. I just saw [this mini PC](https://www.amazon.in/thinvent-Micro-Client-Operating-System/dp/B096KR2WHK) on Amazon and I am considering buying it, just to try out a new thing. I think it is cheap (~22 USD). What I am worried about is that this much memory and storage might make it almost unusable. I was thinking of hosting some minor services, like remark42, shynet or vaultwarden. What else do you think I can host? If my mind changes, I will also try it with a desktop environment and try to connect it to my 4K Android TV. Here are some specs, if you don't want to visit the webpage: | | | | ----------------------------- | ------------------ | | Brand | thinvent | | Personal computer design type | Mini PC | | Operating System | Linux | | Memory Storage Capacity | 16 GB | | RAM Memory Installed Size | 2 GB | | CPU Model | Cortex A5 | | Special Feature | Memory Card Reader | | CPU Manufacturer | ARM | | Wireless network technology | Wi-Fi | | CPU Speed | 2 GHz | | Graphics Coprocessor | Integrated Graphics | | ------------------------------ | ----------------------------- | | RAM Memory Maximum Size | 16 GB | | Hardware Interface | Ethernet | | Memory Speed | 2 GHz | | Item Dimensions LxWxH | 10 x 10 x 1.8 Centimeters | | Speaker Description | built in | | Video Output Interface | HDMI | | Graphics Card Description | Integrated | | Hard Disk Interface | Unknown | | Style | With Wi-Fi | | Manufacturer | Thinvent Technologes Pvt Ltd | | Form Factor | Small Form Factor | | Item Height | 1.8 Centimeters | | Item Width | 10 Centimeters | | Product Dimensions | 10 x 10 x 1.8 cm; 460 g | | Item model number | Micro 5\_2021 | | Processor Count | 1 | | RAM Size | 2 GB | | Computer Memory Type | DDR4 SDRAM | | Hard Drive Size | 16 GB | | Hardware Platform | Linux | | Lithium Battery Energy Content | 5 Watt Hours | | Manufacturer | Thinvent Technologes Pvt Ltd | | Country of Origin | India | | Item Weight | 460 g |
cross-posted from: https://discuss.tchncs.de/post/13529286 > Signal Group for Indians > > Whether you're living in India, or abroad, join this Signal group to meet fellow Indian privacy enthusiasts.
cross-posted from: https://discuss.tchncs.de/post/13529286 > Signal Group for Indians > > Whether you're living in India, or abroad, join this Signal group to meet fellow Indian privacy enthusiasts.
This repo is also mirrored to [Codeberg](https://codeberg.org/aiquiral/easytodo). I made an easy to use ToDo app, just to learn a bit about programming and Flutter. It does not really provide any benefits over other ToDo apps, but I am glad that I was able to make this. You can download the APK for Android, rpm for RHEL/Fedora or just use the AppImage. I am willing to work more on this, you can read the roadmap in the link provided. Any guidance, criticisms, or comments will be greatly appreciated.
A cat, labelled “me”, sits in a small cup, labelled “your heart”, and becomes happy with glistening eyes.
Even after enabling JS, all I saw waa a white/blank page. They probably want me to enable cookies and/or DOM storage.
I am new to FuckCars, and personally, I feel very much aligned to this ideology. Particularly, the amout of environmental damage the fuel consumption causes, concerns me. However, sometimes, I feel like I am a hypocrite, because I drive a motorcycle, which again, causes pollution. But, in my defense, I always try to use my bicycle if I can, and use my motorbike only when necessary, because public transportation system isn't great in my city. Also, the amount of pollutants my bike releases is way less when compared to a car, or even a small hatchback. The bike in question is only 160cc, and does 30-40 km/litre (~18-25 miles/litre). So, what is your opinion on all this, and how can I improve my situation?
❌ GN ❌ ✅ Goodnight, my love. Hope you have the sweetest dreams. I love you! ✅
cross-posted from: https://discuss.tchncs.de/post/11732557 > Signal Group for Vegans > > If you're a vegan, or willing to go vegan, you may join this Signal group. > > [https://signal.group/#CjQKIEL2AAqK0gGc3Q3MKdzY3yJzuzTg49ZOKuyMKHHkci6yEhDingsMPcJOH7bqsC7esBFg](https://signal.group/#CjQKIEL2AAqK0gGc3Q3MKdzY3yJzuzTg49ZOKuyMKHHkci6yEhDingsMPcJOH7bqsC7esBFg) > > To prevent spam, I have turned on "Approve new members" option. > > ----- > > If you want a much more active group, you can join the Matrix group. > > To join Matrix, visit [https://joinmatrix.org/](https://joinmatrix.org/). > > To look at all the rooms in Vegan space, visit [https://matrix.to/#/#vegan.en:tedomum.net](https://matrix.to/#/#vegan.en:tedomum.net). We have rooms for all types of things, discussing tech, debating etc. > > General Room - [https://matrix.to/#/#vegan.en.general:tedomum.net](https://matrix.to/#/#vegan.en.general:tedomum.net)
cross-posted from: https://discuss.tchncs.de/post/11732557 > Signal Group for Vegans > > If you're a vegan, or willing to go vegan, you may join this Signal group. > > [https://signal.group/#CjQKIEL2AAqK0gGc3Q3MKdzY3yJzuzTg49ZOKuyMKHHkci6yEhDingsMPcJOH7bqsC7esBFg](https://signal.group/#CjQKIEL2AAqK0gGc3Q3MKdzY3yJzuzTg49ZOKuyMKHHkci6yEhDingsMPcJOH7bqsC7esBFg) > > To prevent spam, I have turned on "Approve new members" option. > > ----- > > If you want a much more active group, you can join the Matrix group. > > To join Matrix, visit [https://joinmatrix.org/](https://joinmatrix.org/). > > To look at all the rooms in Vegan space, visit [https://matrix.to/#/#vegan.en:tedomum.net](https://matrix.to/#/#vegan.en:tedomum.net). We have rooms for all types of things, discussing tech, debating etc. > > General Room - [https://matrix.to/#/#vegan.en.general:tedomum.net](https://matrix.to/#/#vegan.en.general:tedomum.net)
My brain going from happy, because I love you, to sad, because I miss you: PARKOUR!
The picture is displaying two girls, where one girl, labelled “me”, is holding a big tuba, labelled “my love for you”, directly on the face of another girl, labelled, “you”.
Car going off-road, accidentally, labelled as “Your sadness”. Cat near the tyre, pushing the car on road, labelled as “Me doing my best to make you smile, one meme at a time”.
Let me teach you some maths, real quick. You + Me = Happy Life
The ocean is deep. But you know what's deeper? Our love!
Professor be like Parts of Body, Parts of Soil, Parts of this, Parts of that BUT I JUST WANT TO BE A PART OF YOUR LIFE
Are you a murderer? Because you just killed my sadness.
*I am not referring to solo OnlyFans models. I find almost every American porn video similar. They have a few plots which they keep repeating. 80℅ of those videos have similar looking women. I feel that they are not trying anything new. And personally, I do not find their accent as appealing as British accent. European porn industry, on the other hand, feels like they are taking more courageous decisions. German and Russian femdom videos are so much better. British teacher-student videos actually make you learn a new English word or two. I find Spanish and Italian women much more appealing. One thing I really like is that they include a variety of body types in their videos. This is just my take. I would really like to know what you all think. PS - I am an Indian, and I like Indian and Japanese porn videos more than European ones. Edit - How do I mark a post as NSFW on Voyager?
Websites like ipv6-test.com and test-ipv6.com say that my browser is using IPv4 by default. This happens on Firefox and LibreWolf. I have tried creating a new profile without add-ons as well. Ungoogled Chromium uses IPv6 by default. If I go to [ifconfig.io](https://ifconfig.io/) using Firefox, IPv4 is displayed. But if I use Ungoogled Chromium, IPv6 is displayed. **Is there a way to force IPv6?** I am not bothered by this, but using tools like `ping6` and `traceroute6` assures me that IPv6 routing is faster for, at least, one of my ISPs.
What are your favourite, or least favourite but necessary, cost-cutting methods? I feel I am spending too many resources on unnecessary stuff. Edit: I feel the need to reduce both – the resources, to host multiple things on one system, and cost, to buy/pay for multiple systems. Currently, I have 2 ARM VPSes and 1 old MacBook Air as a home server.
Currently, I am using Montserrat. Even though it is licensed under Open License Font, I do not feel comfortable using it anymore, probably because it is used in over 17 million websites and is considered overused. Another reason is that I have to load multiple font weights, as bold tags do not work as intended. A single weight is over 20kb in size (after removing unused glyphs). I want to keep my site lightweight, and good looking. Also, after looking at [motherfuckingwebsite.com](https://motherfuckingwebsite.com/) and [perfectmotherfuckingwebsite.com](https://perfectmotherfuckingwebsite.com/), I feel sad about loading any external fonts. I want a sans font, and I am also using `-webkit-text-stroke` with transparent fill to give some text outline effect. What are your suggestions, fellow lemmings? What is your favourite font? Should I just stick with Liberation Sans?
Until yesterday, I didn’t even know you could use the docker images and the same docker-compose configs with Podman. The UI you are looking at is Cockpit, which can be installed on almost any Linux Server. I have used it before but I am amazed by its integration with Podman. Seriously, consider trying this, once. Here's another screenshot of Cockpit: ![](https://discuss.tchncs.de/pictrs/image/d9ff5132-2678-47a2-b312-7fe6e7f49783.png)
**TL;DR - `option forwardfor` and `http-request set-header X-Real-IP %[src]` are not working.** My setup is slightly complicated. I have a homeserver, with HAProxy installed and some docker containers. My homeserver is, then, connected to a VPS via WireGuard which also has HAProxy installed. HAProxy on homeserver forwards the docker containers with an SSL certificate to the VPS. The VPS, then, just does TLS pass through to the clients. The issue is, if I do not use `option forwardfor` in either of the 2 HAProxy configurations, I get the internal IP address of the docker container (172.XX.XX.1). If I add `option forwardfor` on the homeserver's HAProxy config, I get the internal IP of the WireGuard of the home server (10.0.0.2). And if I add `option forwardfor` to the HAProxy config of the VPS as well, I get the internal IP of the WireGuard tunnel (10.0.0.1). And as far as I know, `http-request set-header X-Real-IP %[src]` has no impact. I have also tried using `send-proxy` and `send-proxy-v2`, but then the whole setup stops working. **HAProxy config on home server:** ``` global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20> ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http listen rp bind *:443 ssl crt /path/to/cert.pem acl service1 hdr_sub(host) -i service1.domain.me acl service2 hdr_sub(host) -i service2.domain.me use_backend service1_backend if service1 use_backend service2_backend if service2 backend service1_backend server service1_server 127.0.0.1:8080 backend service2_backend # option forwardfor # http-request set-header X-Real-IP %[src] server service2_server 127.0.0.1:9090 ``` **HAProxy config on VPS:** ``` global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s user haproxy group haproxy daemon tune.ssl.default-dh-param 4096 defaults log global mode tcp # option forwardfor timeout connect 5000 timeout client 50000 timeout server 50000 listen http bind *:80 mode tcp server default 10.0.0.2:80 listen https bind *:443 alpn h2,http/1.1 mode tcp # option forwardfor header X-Real-IP # http-request set-header X-Real-IP %[src] server main 10.0.0.2:443 ``` I have to resort to this because I am behind CGNAT, and want TLS pass through on the VPS for privacy. What am I doing wrong?
Why should we install wordpress using `dnf install wordpress` rather than just downloading the files? is it because those PHP file won't work due to SELinux, or is it something else? Also, if I am importing NGINX config files and database backups (made using `msqldump`) from another server, do I have to do something with them before they can work? Another thing that I have seen is that in the nginx.conf file in Fedora, the user is set to nginx, while on other operating systems it is set to www-data by default. Why is that? I am asking this because I want to migrate from a Debian server to a Fedora Server (preferably on ARM).
I am trying to set up a reverse proxy server, with TLS passthrough. I am behind CGNAT, so I cannot forward any ports from my home server. So, my current workaround was that I connected my home server to a VPS via WireGuard and used Nginx Proxy Manager (NPM) to proxy services running on different docker containers to the VPS, so that they are accessible publicly. But now I want to use TLS passthrough for better privacy. But I cannot find any guides for my case. I need help with 2 issues, basically. Let's take a look at my `passthrough.conf` file, which I have included in `nginx.conf` file. ``` stream { # Listen for incoming TLS connections on service1.domain.me server { listen 443; proxy_pass service1.domain.me; proxy_ssl on; proxy_ssl_protocols TLSv1.2 TLSv1.3; proxy_ssl_name $ssl_preread_server_name; } # Listen for incoming TLS connections on service2.domain.me # server { # listen 443; # proxy_pass service2.domain.me; # proxy_ssl on; # proxy_ssl_protocols TLSv1.2 TLSv1.3; # proxy_ssl_name $ssl_preread_server_name; # } # Define the backend server for service1.domain.me upstream service1.domain.me { server homeserverIP:port; } # Define the backend server for service2.domain.me # upstream service2.domain.me { # server homeserverIP:port; # } } ``` The services are running in docker containers on different ports. When I used two server blocks and two upstream blocks, I got this error while testing NGINX config: `nginx: [emerg] duplicate "0.0.0.0:443" address and port pair in /etc/nginx/passthrough.conf:13`. So, I commented out the other server block and tested it again. The test was successful, but NGINX failed to restart. When I checked the `systemctl status` I saw: `nginx[2480644]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)`. This is because I am already hosting multiple WordPress sites on this VPS. Here's my `nginx.conf` file: ``` user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768; } http { sendfile on; tcp_nopush on; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; gzip_vary on; gzip_proxied any; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; client_max_body_size 100M; server_tokens off; } #include /etc/nginx/passthrough.conf; ``` I do not know much about NGINX configuration, any help or article links would help.
We all hate ads, primarily because it is an unethical usage of our data for profits. So, if a person does not want to pay companies like Google, Meta and Microsoft, what alternatives are there to advertise or promote a product or service? Sure, there are options like posting on online forums, groups and email marketing, but the results do not come anywhere close when compared to paid ads. Are there privacy respecting companies that provides ad placement services? DuckDuckGo uses Microsoft ads, Mojeek didn't reply and Qwant isn't available in my country. Say, I provide a service to a specific type/group of people, what is the most efficient and ethical, and least annoying way to reach them? Say, I own a restaurant or something. How do I attract more customers? I am willing to pay, but to not data-hungry companies.
Hi. I have been into self-hosting for about 2 years, now. My current setup is that I have a home server and a VPS. My ISP does not let me forward any ports (I am behind CGNAT, I think), so, I have connected my home server to a VPS via a WireGuard tunnel and am using Nginx Proxy Manager (NPM) to proxy the services hosted on my homeserver to the public. Now, the traffic that goes from my home server to the VPS and from VPS to the public are encrypted, but theoretically, the VPS provider can look at the data passing through, since this is technically TLS termination. Although, I trust my VPS provider more than I trust my ISP, I am thinking about setting up TLS passthrough, for additional privacy. But I have a few questions and I would be greatful if anyone can help me. 1. Do I need to put the SSL certificates on my homeserver, or can they remain on the VPS if I have to set up TLS Passthrough? 2. Is port forwarding required to set up TLS passthough? 3. Does NPM support TLS passthrough, or should I shift to HAProxy? If there are any issues with my current setup, or the assumptions I am making, please guide me.
I would donate to (and have donated to some of) the following: - [Vaultwarden](https://github.com/dani-garcia/vaultwarden) - [Jellyfin](https://jellyfin.org/) - [Invidious](https://invidious.io/) project and [yewtu.be](https://yewtu.be/) instance - [Shynet](https://github.com/milesmcc/shynet) - [Riseup VPN](https://riseup.net/en/vpn) - [Photoview](https://github.com/photoview/photoview) - [Jerboa](https://github.com/dessalines/jerboa)
Lemmyers? Lemmurs? Lemmyists? Lemmitors?
Considering my threat model is just preventing my ISP to know which websites I am visiting and to prevent my government (India) from tracking me, do I need to use a VPN? Currently, I am using a *trusted* VPN provider with a permanent kill switch and am never off of the VPN. Today, I was reading IVPN's homepage and it says, "A VPN can be effective at encrypting your DNS requests so your ISP or mobile network provider cannot monitor or log the domains you visit." But as far as I know, DNS over HTTPS does encrypt the DNS requests. Right? I regularly clean my cookies, use hardened browsers, etc. So is a VPN really necessary for me? Or shall I just shift to using Quad9's DoH or something? Edit - I am using the router provided by the ISP and I cannot change it because I am behind CGNAT. I can use a separate device and install PfSense or OpenWRT or something on it and use that as a firewall. Any suggestions there?