This is a bit meta, but, by publishing our setups (such as mine), are we actually putting ourselves at risk?
It’s of course necessary to tell others what you use, so you can advise and recommend them, or get advice and recommendations yourself, but, at the same time, you’re also revealing all the potential attack surfaces to the world?
I suppose, it’s also possible to do this anonymously, which might reduce the risks a bit?
I’m interested in hearing thoughts on this. I don’t often share my setup too publicly, or, other information about myself publicly.
It’s a bit too late now, and I don’t feel unsafe with it, but, I made a decision a while ago to not use a fake name on the internet, and that of course makes anything I say identifiable with me. But I’m not alone. Anyone with interactions with development and stuff, such as this site’s own team, usually does it under their real name.
Privacy is a spectrum.
Me for example, I choose not to use my real name on the internet. I use an uncommon nickname I had on online games as my “name” on services that know my real identity and friends also call me that. As for everything else, Bitwarden randomized usernames.
I’m okay sharing which country I’m from, and the details of my website, but I don’t say the URL or specific location unless I know the person.
Don’t worry about using your first name, it’s a very common name and shouldn’t identify you.
I think security and privacy should be based on design, not based on trust. That’s why I always look for E2EE, P2P, and most importantly, decentralized/Web 3.0 alternatives lately. The idea of finding some reputable centralized services is outdated to me. To me, if things are secure and private by design, it will work that way all the time no matter what, and it does not matter whether I am revealing all my attack surfaces since it’s designed to work that way.
Nevertheless, no design is perfect. So, it’s constantly evolving by helping/sharing with each other. At least, we can evaluate our strategies, and then we might be able to find some flaws, fix them, and evolve.
I don’t mind sharing my specific setup. The beauty of it is it’s open source and very much open to scrutiny. This is why we like services with recent audits.
We really don’t advocate security through obscurity because we know it doesn’t work.