Depends who you need privacy from. I recall Stallman’s advice about VPNs - that to avoid having your information turned over you should choose a VPN from a country whose government is no friend of your government. Depending on your threat model, I could see this being the same principle

Even easier and more comfortable - count the pads instead of the knuckles. You can count to 12 with one hand, or 144 with two

Probably not. It looks like it’s setting the fake address before reading the tunnel parameters, where the real address is stored. Probably a kludge in case the connection address is undefined so the program doesn’t crash. So check whether the address is included there.

Also check the function that establishes the connection. 10.1.1.1 is not a public subnet, so unless there is a VPN device listening at the local address, the tunnel should fail to establish and throw an error, triggering the exception clause in that code. Again, you’ll want to confirm that in the code.

If your usecase and threat model don’t require the pinpad, Onlykey Duo is worth a look. No pin, USB A or C, and still gives you 6 slots to support any combination of Fido2, TOTP, SSH, PGP, and password storage.

Manually keying in the pin is only needed when plugging in the device. Challenges for TOTP, FIDO2, etc. are a configuration option, and are only 3 digits if enabled (press any button if disabled).

As for “excessive amount of security”, security as an absolute measure isn’t a great way to think about it. Use case and threat model are more apt.

For use case, I’ll point out it’s also a PGP and SSH device, where there is no third party server applying the first factor (something you know) and needs to apply both factors on device.

For threat model, I’ll give the example of an activist who is arrested. If their e-mail provider is in the country, they can compel the provider to give them access, allowing them to reset passwords on other more secure services hosted outside the country. The police now have the second factor (something you have), but can’t use it because it’s locked.

https://onlykey.io/

Built in hardware pin entry means your unlock code can’t be captured by a compromised machine. Emulates Yubikey if you need that, handles Fido / U2F, stores up to 12 passwords, acts as PGP and SSH key if you install the (open source) agent.

The SSH agent implementation is forked from https://trezor.io/ which is advertised more for crypyo wallet uses.

Edit: For OP’s concern about losing the key, it also has the ability to export an encrypted backup that can be restored to a replacement key

Guess I should switch. I always get funny looks when I say my number is “Beechwood 45789”

Sorry, but I have bad news for you. Privacy in major car brands no longer exists.

You don’t say where your family member lives, but you might look into smaller regional brands that focus on cheap cars for less overdeveloped areas of the world. Be aware the tradeoff is probably in safety features.

(Assuming US jurisdiction) Because you don’t want to be the first test case under the Computer Fraud and Abuse Act where the prosecutor argues that circumventing restrictions on a company’s AI assistant constitutes

ntentionally … Exceed[ing] authorized access, and thereby … obtain[ing] information from any protected computer

Granted, the odds are low YOU will be the test case, but that case is coming.

Definitely beatable as of last week.

For a privacy friendly OS, surprised nobody has mentioned Freedombox

It’s designed explicitly for your use case, along with an easy path to other self hosted services. When you’re ready for more than it offers through the web interface, it’s a full Debian install under the hood - so you can install whatever you need to. Privacy friendly and super stable, with smooth upgrades to new releases and security updates for old versions several years after the new one is available.

As far as hardware, your old computer is probably more powerful than a Pi and can support more drives, but the Pi will be more power efficient. As others have mentioned, if you care about your data long term then backups are a must, so a separate NAS or a Pi with a large drive for backup storage is a good idea as well, whatever OS you choose.

Galactic Pot Healer still warms my heart

As a professional sysadmin for a (not just web) hosting provider, any time I’ve run into Fedora on a server it has been an indication that:

1. The client was running something obsolete and unmaintained that would not survive an update. This would generally be a version of Fedora 2-12 versions behind current
2. Overtime was in my future as rolling updates broke their business a critical application
3. The system was set up by a client’s family, friend, or other nonprofessional sysadmin who would (or could) no longer support the rickety framework they had built on top of it, or
4. Some combination of the above

I could imagine it working in a devops environment at a company with a real development team that also happens to understand what sysadmins are for, but haven’t run into that in practice.

Seriously though, for a server you need something where security updates don’t end the day a newer version is released. LTS releases and security backports matter for stability, and you don’t get that with Fedora.

Edit: To be clear, I saw all of those things on other distros as well. I just can’t remember a single Fedora instance where I didn’t see one or more of them.

Not true. Free cellular connections exist in some places. And there are non-cellular solutions like LoRA trackers.

Probably because one of his alts was on dbzer0 and was banned for transphobia

I can’t take credit for writing it, but here you go!

https://workaround.org/