Why would you want to expose your IP to the internet? I still feel that's dangerous, susceptible to DDoS attacks, and I avoid that as much as possible. I put everything behind Tailscale for internal use and behind Cloudflare for external use.
In this case they're re-exposing the server(s) to the public internet, but their actual IP address is still very much hidden behind the WireGuard connection to the VPS.
The IPs they're talking about exposing are ones which are on a VPS, not their home router, or the internal IPs identifying a device in WireGuard.
What the heck? That's like not wanting a street address because people might come to block your front door somehow, or burglars might find your building and steal from it. The big brothers you mention would be like gated/walled communities in this analogy I guess
Saying this as someone who's hosted from home for like 15 years
Also realise that you're sending the IP address to every website you visit, and in most VoIP software, to those you call. Or if you use a VPN 24/7 on all devices, then it's the VPN's IP address in place of the ISP's IP address...
I don’t think this is the right analogue. Having someone come to your door breaking things would take a much larger effort, and it's easy to be caught. But DDoSing or attacking your service has minimal cost.
Visiting sites and sending the IP address is not the problem; the router has a firewall and basically blocks unwanted attention. But when you expose something without protection and allow someone to burn your CPU, or, in a worse case, figure out your password for a not properly secured service, that is totally another issue.
I saw people setting up honeypot SSH and there are so many unauthorized accesses and I got scared. I think exposing an entire machine to the network is like driving a car without insurance. Sure you might be OK, but when trouble comes, it will be a lot of trouble.
Yeah and of course it will depend on your personality and risk model. Compared to other things I don’t want to risk my data, whether leaked or damaged. And I make mistakes, a lot. If you are very meticulous and can ensure that you can put up all the security measures yourself and won’t expose something you don’t want to. I am just not that kind of person.
I'm not meticulous either. I had one responsible disclosure and a few times where I noticed issues myself but never that an attacker discovered it first. There's not that many malicious people. The only scenario where you realistically get pwned is when there is a stable and automated exploit for a widely spread service that can be automatically discovered, something like Heartbleed or maybe if a WordPress plugin has an SQL injection or so
Run unattended upgrades, or the equivalent for whatever update mechanism you use, and you'll be fine. I've seen banks with more outdated running services than me at home... (I do security consulting, hence)
To do that people have to physically come to my house and there are solutions to that; people can fuck with my internet from anywhere in the world. It's similar to why remote internet voting is such a Pandora's box of issues.
There's 4 billion front doors on the v4 internet. Sending you a DDoS is transient (not like doing something to you physically) and doesn't scale to lots of websites, especially for no gain
In addition to myself, I know some people who self host but not any who ever had a meaningful DDoS. If you're hosting an unpopular website or NAS, nobody is going to be interested in wasting their capacity on bothering you for no reason
Anything that requires custom effort (not just sending the same packets to every host) doesn't scale either. You can host an SQL injection pretty much indefinitely with nobody discovering it, so long as it's not in standard software that someone might scan for, and if it is, then there'll be automatic updates for it. Not that I'd recommend hosting custom vulnerable software, but either way: in terms of `risk = chance × impact` the added risk of self hosting compared to datacentre hosting is absolutely negligible, so long as you apply the same apt upgrade policy in either situation
Online voting has nothing to do with these phantom risks of self hosting