Secure, 100% Privacy Conscious setup for Remote Access
avalanche-banjo:
without having to send that data through third party servers. I want total privacy.
Impossible. To connect remotely, you must forward your request through the internet to your home network. Someone is gonna have to know you are phoning home, period, even if they don’t see the traffic and it’s encrypted. The only way to achieve that is to stay on the LAN.
You should ask what you want privacy from. Threat models!
You could open a port on your router, have DDNS on your system or router, and forward requests directly to it (say you open a WireGuard port). No third party services to deal with, but whatever current network you are on (telecom, random wifi, etc) can see you are routing requests to your personal router directly.
Another alternative is Tailscale, but Tailscale will know your devices and generally their connection,
Lastly, you can rent a VPS and have it act as a forwarding server to an open VPN port on your home network, and you connect to the VPS. Whenever you are on random networks, they will see you connect to the VPS, but they won’t see you connect to your home router. The VPS will see you are forwarding requests to your router. If I’m understanding right, this is likely your best bet, as I don’t recall
Any other solution will always have someone knowing that you are routing to your home network. You need to decide which one is worth the tradeoffs. Personally, I prefer the last one, as this reduces the number of trusted entities to one (VPS) vs option 1, where wherever you go you are constantly advertising your home router, increasing trusted entities to quite a few places.
—
Impossible may not be the perfect word, but other strategies are outside my skill level. I suppose you could find a way to get Tor into this picture, but now you are killing throughput for anonymity of you connecting to your home router via VPN. This seems like a waste personally, but again this comes down to threat models and if it’s really worth killing throughput with option 1 here (even then, exit nodes will forward your request to the open port…)