Darkassassin07

Cue dumbasses tossing their iphones in the toaster oven in 3... 2...

Where in the world did you get that idea?

VPNs serve three functions:

• add a layer of encryption so your local network operator and ISP can't inspect your traffic, its contents and its true destination. (this is what OP is looking for)

• make it appear to the service you are connecting to, that you are connecting from a different location than where you actually are. (for example make Netflix think you're in a different region to show you different content)

• provide secure access to private services that are not exposed directly to the Internet. IE securely connecting devices on seprate LAN networks together over the Internet via an encrypted tunnel. This is a VPNs true purpose and how they are primarily used in Professional/Comercial settings. (pretty much every corporation you've ever interacted with runs a VPN that connects its stores/warehouses/offices together)

Pope is recovering;

• meets JD Vance

• dies a couple days later....

Hmm

I too oppose deals being made at my expense...

This seems like a goes-without-saying level of obvious position to take, no?

"Sorry kids; by executive order of the president, the US Military carried out a series of bombings on the Easter Bunnies home.

There won't be any more Easters, and there definitely won't be anymore easter eggs."

I really don't like the idea of every device automatically having a publicly reachable IP.

There's certainly situations where that would be nice; but I'm quite fond of most equipment and services being behind a router and it's firewall, requiring explicit configuration to be exposed to the open net.

Nobody outside my home network ever needs access to my toaster... (btw, why tf is my toaster wifi enabled...?)

My ISP blocks the ports needed for mail hosting :/

Pretty sure I'd have to go through them to get the rdns PTR records pointed at my domain too. PITA

Actually it looks like Caddy is supposed to set those automatically (I'm used to Nginx which doesn't).

You'll have to look at why the upstream isn't accepting them then. I'm not familiar with azuracast.

X-Forwarded-For

And

X-Real-IP

The application you're proxying also has to listen to these headers. Some don't, some need to be told they're ok to use. (if you enable them, but don't have a proxy in front, users can spoof their ip using them)

Rebooting just seems like a very roundabout, slow and inefficient way to get back to that initial state you describe.

It's exactly what the reboot process is designed to do; return you to that fully encrypted pre-boot state. There would be no purpose to implementing a second method that does the exact same thing.

Much of the data on your phone, including critical information that's required to run the operating system and make the device function, is fully encrypted when the device is off/rebooted.

While in this locked down state, nothing can run. You don't receive notifications, applications can't run in the background, even just accessing the device yourself is slow as you have to wait for the whole system to decrypt and start up.

When you unlock the device for the first time; much of that data is decrypted so that it can be used, and the keys required to unlock the rest of the data get stored in memory where they can be quickly accessed and used. This also makes the device more vulnerable to attacks.

There's always a trade off between convenience and security. The more secure a system, the less convenient it is to use.