{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreicd4cxmiysj2mlak5jpv7j3rprullkdwymsngemvmjlkti6slyqrq",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mhamr3hkevj2"
  },
  "path": "/t/secure-100-privacy-conscious-setup-for-remote-access/36333#post_6",
  "publishedAt": "2026-03-17T08:56:21.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "Just fyi 100% secure and 100% private doesn’t exist. I agree with the other poster who said threat models are important.\n\nTailnet would probably be enough for the average Joe. If you end up using it take a look at Tailnet Lock\n\n> Tailnet Lock lets you verify that no node joins your Tailscale network (known as a tailnet) unless trusted nodes in your tailnet sign the new node. With Tailnet Lock enabled, even if Tailscale were malicious or Tailscale infrastructure hacked, attackers can’t send or receive traffic in your tailnet.\n\nThat said if you want to go the WireGuard route there is always the option to use DynDNS to connect to it. Most people probably don’t have a fixed IP so this would be a good solution.\n\nThat being said I’d advise you to start with hosting services that are not critical if the contents will be leaked. People make mistakes especially if you’re new to something. It’s part of the learning process and it’s probably not the smartest thing to play around with something very important like photos of yourself (Immich), other private files (NAS), or your passwords (Keepass). Even established companies struggle with security. Security is hard after all. Just keep that in mind.",
  "title": "Secure, 100% Privacy Conscious setup for Remote Access"
}