

Joplin synced to a self-hosted sync server with E2EE on, that’s my setup. Works great.
To be fair to Proton, it’s not necessarily them who’s blocking your emails. In my case, I’m able to send emails to e.g. an @hotmail.com address, but not other domains. And from the error messages I get (though I don’t use Proton), it looks like it’s the receiving mail server that’s blocking my incoming mail, not my own server blocking my outgoing mails.
Thanks for replying, I ended up with Simply.com, a Danish provider (I live in Denmark). They didn’t want any KYC besides the usual you give when paying with a credit card: full name, address, email, phone. It’s a .me domain, so maybe that’s why.
My domain is still being transferred, so I’m crossing my fingers, but it’s quite a big provider, so I’m not really worried.
May I ask what domain registrar you switched to? I’m having the exact same issue, albeit not with Proton but another email provider.
Not that I’m gonna discuss your personal opinion, but what do you mean specifically by “ungoogle-able phone”?
Perhaps you could also print an encrypted version of your Bitwarden TOTP secret on a QR code and bring it with you in your luggage?
So, encrypt the secret with a passphrase you can remember, encode the entire thing in a QR code and print it on a piece of paper. Easy.
So your password manager uses your phone as 2FA, and the credentials inside your password manager also use your phone as 2FA? Hmmm…
So essentially, you can’t bring your phone, that’s the main issue. Does your authenticator on your phone support exporting a backup? Then store that in your password manager if that’s possible and set up an alternative 2FA for your password manager (SMS on the burner phone number perhaps or a security key). Then when you arrive, reinstall the authenticator on your burner phone and import the backup.
I’ve been there, I used the “encrypted partition to be unlocked after boot via SSH”-option, but it quickly became tedious to have to input the password every time it rebooted. I wanted something that could recover by itself (i.e. start everything up again after a potential crash), so that I could maximize uptime and then investigate the crash later.
So I ended up disabling encryption. What I did instead was to find services with E2EE for my most sensitive stuff. Joplin for my personal notes is currently the only thing I have encrypted. Nextcloud has experimental E2EE, though I’m not really using it as of right now. Everything I deem too sensitive to trust my server with unencrypted, I store on encrypted flash drives.
I think the risk of the server itself being compromised/hacked is bigger than physical theft (at least in my case), and if you take some good precautionary measures, even that risk is pretty small unless you’re being directly targeted by a skilled adversary. If the latter is the case, don’t store sensitive stuff on something with an IP address.
IVPN, Mullvad and Proton are some good ones.