ReversalHatchery

joined 1 year ago
[–] [email protected] 1 points 21 hours ago* (last edited 21 hours ago)

forgot this part

P.S. I'm guessing OP doesn't actually have a CA and is just using simple self signed certificates without any private CA that has signed them.

I assume that too, however the person I responded to recommended using a full-fledged CA cert.

[–] [email protected] 1 points 22 hours ago (1 children)

but it's their CA so why would they do that?

I don't mean them specifically, but that to me managing access to such a CA cert's keys is a security nightmare, because if I somehow get an infection, and it finds the cert file and the private key, it'll be much easier for it to make itself more persistent than I want it.

But if you don't trust your own CA what's the point of having a CA?

That's the point. I don't recommend having one. I recommend self-signed certs that are

  • limited to a lan (sub)domain or a wildcard of it
  • you verified by the fingerprint (Firefox can show this)
  • you only allowed for those of your internal services for which the cert was intended

Or if you don't want to deal with self-signed certs, buy a domain and do Let's Encrypt with the DNS challenge.
That's also more secure, but can be more of a hassle, though I guess it depends on preference.

But then I would use this latter one too if I had opened any services to the internet, but I didn't because I don't need to.

[–] [email protected] 1 points 22 hours ago

I'll try this, thanks. but to fill in some missing context on my part, this is what I have been experiencing for the little more than a year I've been running an I2P router.

[–] [email protected] 1 points 22 hours ago (1 children)

sure, I believe that. though Google still knows precisely if you receive a new mail, and the bigger problem is that without Google services notifications won't work whatsoever

[–] [email protected] 2 points 23 hours ago

oh, I see now, sorry! from mechanical I instantly thought you meant an HDD

[–] [email protected] 1 points 1 day ago (3 children)

titles and senders are not encrypted, they are capable of sending that

[–] [email protected] 4 points 1 day ago

the catch is that you don't own that camera, only the manufacturer does. besides requiring an account and a connection to China to be able to use it, they have access to both your network, and to the camera feed. they'll use the network info to gather info about you, and the camera feed to train their face and gait recognition AIs, possibly also for intelligence

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago) (1 children)

you should only need to allow this once for each domain/subdomain, surely that can't be that much of a pain.

yes that has to be repeated when the certificate changes, but make it with a 2-5 year expiration and it'll be safer than attempting to disable these security measures for all domains, which would be just very silly and careless

[–] [email protected] 1 points 1 day ago* (last edited 22 hours ago) (5 children)

does not sound like a good idea. your own CA can sign certs for any other sites too, and it's dangerous.

I would say it's even more dangerous if you just think "nah, it'll be fine"

[–] [email protected] 2 points 1 day ago

oh that was it, the account requirement was what I wanted to remember but couldn't! was sure it was something even worse, thanks for the help.

yeah if I would buy such a TV by accident, I would bring it back within the return period and tell that it was faulty, because it is.

[–] [email protected] 2 points 1 day ago (2 children)

the available outproxies were very much overwhelmed

honestly that's still my experience. it's not rare that websites like a DDG results page do not even load, I think from time to time I even have unable to connect errors, even though I have stormycloud as my outproxy. probably something on my end, though, it seems then

[–] [email protected] 1 points 1 day ago (1 children)

they don't have any business with my fucking personal phone! where do you live, in the USA? if I only use an old dumb phone, they have no business about it! they can reach me when necessary, and that's all they need to care

 

I have just installed the tmuxinator 3.0.5 ruby gem with gem 3.2.5 and the --user-install parameter, and to my surprise the gem was installed to ~/.gem/ruby/2.7.0/bin/.

Is this a misconfiguration? Will it bite me in the future? I had a quick look at the environment and haven't found a variable that could have done this. Or did I just misunderstand something? I assume that the version of gem goes in tandem with the version of ruby, at least regarding the major version number, but I might be wrong, as I'm not familiar with it.

I have checked the version of gem by running gem --version. This is on a Debian Bullseye based distribution.

 

The video is a short documentary on Trusted Computing and what it means to us, the users.

If you like it and you are worried, please show it to others.
If you are not the kind to post on forums, adding it to your Bio on Lemmy and other sites, in your messaging app, or in your email/forum signature may also be a way to raise awareness.
