

If the servers have public IPs and you want the minimum possible ports open, just SSH? With passwords disabled and large keys, it’s quite secure.
If that’s still not enough for you or you need a private gateway, then WireGuard. I can strongly recommend Tailscale - it’s really an orchestration layer on top of WireGuard. You can set up your own DERP relays and Headscale if you are truly paranoid. But 99.9% of the time you don’t need all that and Tailscale out of the box will work well.
Also Tailscale isn’t a single point of failure the way you’re imagining. It’s certainly possible for Tailscale’s servers to go down, but that won’t drop existing connections.


Yes, there’s definitely worse out there.
But this is still worth fighting. It’s a bellwether for more restrictive age+identity verification laws, and those should not exist in the US. The gov’t shouldn’t have any say in what I compute the same way they shouldn’t have any say in what I discuss using the mail. This is a clear step away from that and it’s important to make that clear to lawmakers now so they don’t use this as evidence the populace is ok with something stronger.