simply don’t have time
Sorry, but that is no reason. That’s a bit akin to having a dog and saying: “Nah I don’t have time to walk the dog now”. Selfhosting something that is publicly available (not as in “everyone can use it” but “everyone can access it”) bears some level of responsibility. You either make the time to properly set up and maintain it, or you shouldn’t selfhost stuff.
I would add searxng - a bit finnicky to set up but very powerful and customizeable.
Adding certificates is a 5 step process: Settings -> Privacy and Security -> View Certificates -> Import -> Select file and confirm. That’s on firefox at least, idk about chrome, but probably not significantly more complex. With screenshots, a small guide would be fairly easy to follow.
Don’t get me wrong, I do get your point, but I don’t feel like making users add client certs to their browser storage is more work than helping them every 2 weeks because they forgot their password or shit like that lol. At least, that’s my experience. And the cool thing about client certs is they can’t really break it, unlike passwords which they can forget, or change them because they forgot, just to then forget they changed it. Once it runs, it runs.
The “average user” shouldn’t selfhost anything. Might sound mean or like gatekeeping, but it’s the truth. It can be dangerous. There’s a reason why I hire an electrician to do my house installation even tho I theoretically know how to do it myself - because I’m not amazingly well versed in it and might burn down my house, or worse, burn down other peoples houses.
People who are serious about selfhosting need to learn how to do it. Halfassing it will only lead to it getting breached, integrated into a botnet and being a burden on the rest of humanity.
And I kinda don’t want to know if complex passwords and low retries before an account gets locked out are enough.
I’ve created a custom cert that I verify within my nginx proxy using ssl_client_certificate and ssl_verify_client on. I got that cert on every device I use in the browser storage, additionally on a USB stick on my keychain in case I’m on a foreign or new machine. That is so much easier that bothering with passwords and the likes, and it’s infinitely more secure.
People who don’t care about security are the cancer of the selfhosting-world. Billions of devices are part of a botnet because lazy/stupid owners don’t care about even the most basic shit, like changing the stock password. It’s insane.
As long as you don’t directly connect it to the internet, it’s not hard.
When you do, it does become hard.
Huh. GTA online used to work fine? Did they update that?
If you tax them like they’re poor, they’d pay even less tho
IP in itself might not be as much of a problem, unless you have a static IP, which most consumers don’t. And even if you do, you are also hiding a lot of baggage relating to user agents or other fingerprintable settings. IP alone is rarely used as a sole point to link your traffic to other datapoints. On top of that, you can still just decide to exclude google, bing etc from your search results and rely more “open” ones like DDG or ecosia.
Another huge upside of searxng is the aggregation of results. The search results of google are all up to, well, google. Same with bing, which is controlled by microsoft. If these companies now decide to “surpress” certain information, people using only those engines directly would no longer see those news. However, if you get your results from multiple search engines, you are not - or lets say less - affected by that kind of nonsense.
As always with news and information, the truth usually lies somewhere in the middle. And that’s where searxng helps out tremendously.