Security is extreme important forme. A few selected items of what i do:

  • access to my servers (SSH) requires 2-factor authentication (pubkey and password)
  • authorized SSH keys are handed out in hardware (Yubikeys)
  • where supported updates are installed automatically (including automatic reboot when necessary)
  • my domains are DNSSEC signed
  • I support DANE for email traffic
  • HSTS with Preloading
  • I make use of 2-factor authentication for all 3rd-party services where supported (,, stripe, github, twitter, mastodon, …)
  • I monitor certificate transparency logs for our domain to spot rough certificates

Domain Name System

I use & inwx in combination with as the authoritative name servers for “” because they:

  • support DNSSEC and security related DNS records (CAA, TLSA and SSHFP)
  • support 2-factor authentication (TOTP, Yubikey)
  • are Tor-friendly
  • are good price service value


I am using my own hosted Mailserver with Mailcow.

  • support DKIM
  • support DANE
  • support 2-factor authentication
  • full encrypted virtual machine on our host-system.


At home, phone and some virtual machine are running behind a VPN from

  • There have no hard drives
  • don’t log anything
  • pay via bitcoin
  • pay via cash (Amazing!)
  • offers a static IP (for some services)
  • amazing speed and latency