Not being run by corporate overlords

Seriously though, the community is a lot healthier

What would you have them do? The fault falls squarely on the leadership of these problematic departments

It also doesn’t help that funding and people are in short supply. It is very hard to replace a police officer

I’ve met some really good cops. I’ve also seen a bunch of corruption and bad policing.

I don’t think it is fair to call all cops bad. They are the ones who respond first when you need help.

Simplex Chat is another option

While I don’t personally engage in piracy, I can definitely see why people go that route. Streaming services suck so much. All these companies had to do was make it more convenient to not pirate.

Don’t them ideas

I think you are legally liable for damages

That isn’t great from a security perspective

I’m never going to recommend something that I can’t get to work reliability. Also the lack of a security audit is a major deal breaker.

Communications is one of those things that needs to be absolutely solid.

My personal experience

Also they haven’t had a security audit

Sort of I guess

Why does it matter?

Don’t use Jami. It is a security nightmare and unreliable.

I honestly would prefer something like Briar

Docker restricts the permissions of software running in the container. It is hardened by default and you need to manually grant permissions in some rare cases.

Always good advise

However, OpenSSH is pretty solid security wise. https://www.openssh.com/security.html

Note: it is best to check the official security pages instead of random websites.

Yes and no

Breaking out of docker in a real life context would require either a massive misconfiguration or a major security vulnerability. Chances are you aren’t going to have much in the way of lateral movement but it is always good to have defense in depth.

This is security theater

Flaws in SSH do happen but they are very rare. The solution to this is defense in depth which is different than security by obscurity.

To expand on this a bit:

A lot of attacks are automated since the goal is to compromise as many hosts as possible. These hosts are then used in a botnet or sold to people on shader websites to use as proxies.

IP whitelists are not terribly secure and are quite a hassle.

Instead use a overlay VPN or some sort of extra security layer like mTLS or Authelia

With SSH it is easier to do key authentication. Certificate authentication is supported but it is a little more hassle. Don’t use password authentication as it is deprecated and not secure.

The key with SSH (openssh specifically) is that it is heavily audited so it is unlikely to have any issues. The problem is when you start exposing self hosted services with lots of attack surface. You need to be very careful when exposing services as web services are very hard to secure and can be the source of a compromise that you may or may not be aware of.

It is much safer to use a overlay VPN or some other frontend for authentication like mTLS or an authenticated reverse proxy.