I wish the internet was different
I vaguely remember the internet of the mid to late 2000s. Google Search (back then just "Google") was terrible in non-English languages, and countries had their own search engines that were far superior. Most people were using Internet Explorer, but a few weirdos installed Firefox or Opera instead. There was lots of stuff to do online, but so little in comparison with today. I was making websites, built with tables, iframes, and textured repeating backgrounds.
I miss that old web... even though a lot about it sucked. You needed Adobe Flash to play videos. Everything would break if you owned a weird monitor or just had the browser window resized. To open the browser, your hard drive would scream as it was searching for the data. A page would not load in under five seconds.
What we can do, just as we could two decades ago, is open up a computer to the internet and serve our own stuff. I'm confident I could hand-make a website, looking like this one, hosted on my own computer, in half an hour.
But I am not going to do that. Sure, the internet has never been unicorns and rainbows, but I won't call that thing beyond my firewall anything but a toxic sewer.
Maybe you can protect yourself from DDoS attacks executed by AI scrapers by using Iocane, or Anubis, or both. I did talk about AI on my blog before, but I have been deliberately ignoring the raw reality of how the large language models came to be. I am excited by the technology, but repulsed by its messy reality. Not to mention it might be a totally wrong way to do it long-term from a mathematical perspective, as a recent Welch Labs video suggests. But let's ignore AI scrapers for now.
Even before AI there was a lot of weird software knocking on the door. Sometimes I open the logs on my firewall and I am surprised how many TCP connections are attempted, even though my residential IP address has appeared zero times on the internet, has never served any content, and is pointed at by a single A DNS record that appears zero times on the whole internet. The reverse DNS name is just the ISP's infrastructure record.
I am terrified by the idea of someone getting into my home network and lurking in it. I self-host a bunch of web applications for myself, and I do have TLS configured internally... but I haven't yet done the homework to secure my homelab otherwise. Basically all services expose their application ports to the local network; you don't need to go through the TLS-terminating reverse proxy to connect to them. Since my homelab has its own certificate authority chain, some applications simply refuse to work with it, and I have to connect directly over HTTP.
Some of the servers contain my backups unencrypted, and it could be a gold mine for anyone or anything trying to extort me or simply being a dick and leaking it.
My servers have SELinux enabled, but do I ever check the audit logs?
Let's ignore even these malicious actors trying to get in. There's still more. To get anywhere on the internet, you need a DNS record pointing at an IP address.
That DNS record is tied to the physical identity of either a person or a company. In both cases it is likely to be traceable to you. Even if your registrar offers DNS privacy (mine does), your name and identifier might still be public in the contact field. Some "new cool" registrars like Porkbun claim their WHOIS privacy redacts everything, but some domains simply do not allow it (like .eu, .de, or .co.uk).
I am fine with the registrar having my full contact details. It is their job to fight a lot of nasty stuff that benefits me as an internet citizen.
I am not fine with telling that to the whole internet, where the median person is not nice at all, and probably isn't even a person. OpSec and anonymity are very hard even without this.
I have been thinking a lot about this. About what I'd be comfortable with.
I have considered using some obscure protocol, like Gemini or Gopher, to save myself from the hordes of attackers speaking HTTP. But that would both reduce my audience to zero readers, and given how the protocols are limited, there would be little to no interactivity.
I have considered self-hosting an IRC or XMPP server for my friends, given the state of chat platforms these days. I spent two evenings on it with a grand result of nothing. Skill issue, probably. I did manage to get Mattermost working though, even if their docker-compose & env file were annoying as hell to rewrite into nicely-structured Quadlets.
I could put all my services on Tor, but requiring a Tor proxy (or the full Tor Browser) to read a blog or chat with other people feels almost apocalyptic.
I am still not confident I would be able to survive and contain an infected container accessible from the internet. Actually I am certain I wouldn't. All my container pods share the network: the default Podman bridge network that is allowed to talk to the internet. Having one network for each pod, and a single Ingress container with access to the individual isolated networks, could be a good start.
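As an added sketch of the "one network per pod, one ingress" layout, not taken from the post: a set of Podman 5 Quadlet units (the file names, network names and images are assumptions). Each pod gets its own network marked `Internal=true`, so its containers have no route to the internet and cannot see the other pods; only the ingress container joins every isolated network plus a non-internal `edge` network on which it publishes port 443.

```ini
# edge.network  (constructed example)
# The only network with outbound access; used solely by the ingress.
[Network]
NetworkName=edge

# blog.network
# Internal=true: no default route, no NAT. Containers here can only
# talk to each other and to whatever else joins this network.
[Network]
NetworkName=blog
Internal=true

# chat.network
[Network]
NetworkName=chat
Internal=true

# blog.pod  (Pod= units need Podman 5.0 or newer)
[Pod]
PodName=blog
Network=blog.network

# chat.pod
[Pod]
PodName=chat
Network=chat.network

# blog-web.container  (image is a placeholder)
# No PublishPort= here: reachable only over the isolated blog network,
# so a compromise inside cannot reach the LAN or the internet directly.
[Container]
Image=docker.io/library/nginx:stable
Pod=blog.pod

# ingress.container  (image is a placeholder)
# Joins edge plus every isolated network; TLS terminates here and
# requests are proxied to blog-web / chat by container name.
[Container]
Image=docker.io/library/caddy:2
Network=edge.network
Network=blog.network
Network=chat.network
PublishPort=443:443
Volume=%h/ingress/Caddyfile:/etc/caddy/Caddyfile:Z

[Service]
Restart=always

[Install]
WantedBy=default.target
```

After `systemctl --user daemon-reload`, `podman network inspect blog` should show `"internal": true`, and a shell inside blog-web should fail to reach anything outside that network, while `curl -k https://localhost` on the host still reaches the ingress.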
I want to have a machine running this isolated from whatever I use to store my personal data long-term. Physical isolation isn't possible, but its own network segment, or strict firewall not allowing that host to talk to anything else internally, would help with the confidence.
I am a software engineer, and while I am very security-minded, my expertise ends at around the systemd and kernel level; network security is still dark magic to me. Don't you dare mention VLANs in front of me.
I just wish we could trust each other and we could enjoy the fact we have this amazing technology available for anyone to learn.