This is a continuation of my other post

I now have homeassistant, immich, and authentik docker containers exposed to the open internet. Homeassistant has built-in 2FA and authentik is being used as the authentication for immich, which supports 2FA. I went ahead and blocked connections from every country except for my own via cloudflare (I’m aware this does almost nothing but I feel better about it).

At the moment, if my machine became compromised, I wouldn’t know. How do I monitor these docker containers? What’s a good way to block IPs based on failed login attempts? Is there a tool that could alert me if my machine was compromised? Any recommendations?

EDIT: Oh, and if you have any recommendations for settings I should change in the cloudflare dashboard, that would be great too; there’s a ton of options in there and a lot of them are defaulted to “off”

  • j4k3@lemmy.world · 14 days ago

    I live with family and have an extra network, but I’m not sure exactly what can leak out of my own and onto theirs. It could be just my paranoia here, but I noticed at night when I am alone in the living room chatting with my AI over my network, the new smart TV has a mechanical relay when it switches from standby to mains power. I never watch TV or connect to the same network as the TV, however the relay was clicking every 15-20 minutes when I was chatting over http. It doesn’t do that when I am on Lemmy or other stuff. So I tried setting up the certs and the TV never clicks. It did click if I used words with the cats or watched Piped video. Now I intentionally speak gibberish to the cats, mostly use headphones, and never hear that relay clicking any more.

    Anyways, in my half-ass quest to eventually self host some stuff, in abstraction, I only want a setup where I manually transfer my keys and everything is always encrypted between devices with those keys. I never want the functionality of login, key transfers, or anything like that. My phone has a key, my computer has a key, and my server has a key. Breaking one of those keys is the only way into that connection, and those keys are made and shared offline over hardware connections in person. If I was really serious, I would also use the TPM chips for even more secure keys that cannot be accessed even within each device’s OS for the private key.

    I think this methodology is less well documented in easy-to-find searches and sources because it ostracises cloud services as the oddity. Most guides and info assume you do not have physical access to all devices, so you must transfer keys over a public network, or assume you will want to connect from random extra sources or devices. This is what opens you up to other people also connecting. If everything is encrypted with certificates and no one else has those certificates, problem solved: your password is your certificate… as far as I understand it.