DNS over HTTPS or TLS has been available for years, but it hasn't been adopted widely because the hello at the beginning of the three-way handshake when connecting to a website ratted you out to your ISP anyways.
While this is good for surveillance circumventing, it is looking like the beginning of the end of DNS filtering and the popularization of encrypted telemetry.
Forcing the older generation to change from a service that works perfectly fine to another one that isn't as polished and isn't a household name is a losing battle.
I'd just bring up privacy concerns from time to time and suggest ways to increase their privacy when they ask for advice.
I like ads as long as they aren't super personalized and advertising companies don't track every move I make to deliver them to me.
Plus, if admins directly hosted ads they'd get 100% of the revenue; massive advertising companies routinely scalp the revenue and only give pennies to admins that host them.
Also consider the possibility of the app implementing DNS over HTTPS/TLS; you may want to find a DNS that filters known DoH and block port 853 on your router.
/admin isn't a port; it is just a subdirectory of lighttpd, the webpage pihole uses to display itself. If you don't specify a port, your browser defaults to port 80 for HTTP, and 443 on HTTPS.
You can use netstat -a while the webpage is open on your terminal to find what port is in use.
In docker you can find this and change it in the yaml file if you deployed that way; otherwise you may need to kill the container and remake it and choose a different port when specifying the "p" in docker.
If you didn't use docker for pihole you will have to navigate to /etc/lighttpd/lighttpd.conf and modify the port number there.
The issue is that pihole has a default on port 80 that can be set up to redirect to /admin. If you're running searx on the same ports on the same IP, something's gonna break.
You'll need to change one of the applications' port numbers and specify the port in your URL (192.160.0.19:8080) to get there.
A reverse proxy will help only after you set your ports correctly.
Subnetting and VLANs can get hard to conceptualize when they are virtualized on a single machine.
I'd suggest going to draw.io and making a logical network diagram so that you can have a reference when setting up your network.
If you want EVERYTHING going through piHole, which is on a different subnet, the easiest way I've done it was to make going through the pihole necessary to make it to the default gateway.
But if you have a different situation for pihole you can set up DNS relays.
Have you posted a suggestion on GitHub? I feel like this was a proof of concept during development and maybe it was forgotten about further along the life cycle.
That doesn't make any sense. If the URLs are server side, that means there is no e2ee at any time because the server has to know when to show the preview.
If that's true, disabling preview generation doesn't really matter because the vulnerability would be elsewhere.
I never used matrix, but do clients own the keys or are they stored on the server?
Yea, it does seem weird. But money doesn't lie. It's very easy to search online how Mozilla has enough money to pay for all their weird projects.
They even cost cut their nonprofit products like Firefox and Thunderbird so they have more money to burn on other hobbies.
They're like a giant corporate MLM where users are encouraged to sell "privacy" to their friends and the profits syphon up to Mozilla where they cash out to Google.
But there are other VPNs that will let you download config files for use; I have no idea why PIA makes it hard.
You would need to create a docker image or some sort of container/VM (container preferred) to host wireguard. This is what I personally use: https://github.com/wg-easy/wg-easy
That's an option, but it's a lot of work and all you get in return is broken apps/websites and not being able to tell if someone is mitm-ing you.
I'm sure some engineer out there is going to find a workaround, hopefully without breaking encryption.