I recommend that you think hard and properly access your threat profile. You are likely going to have to pay with either your wallet (eg: some sort of company incorporation, lawyer fees, forwarding services, and other privacy protection services), your time (eg: using “inconvenient” services, managing separate accounts, etc.), or both. It can be draining (in more than one way) and take away some of the joy that you’re intending this to bring you if you do too much to protect yourself. On the other hand, if you do too little then you can overexpose yourself leading to pricey or dangerous situations.

At a minimum, I would recommend incorpating and making sure your name is not publicly tied to the company in any way. You will likely need a person/company/lawyer to be publicly listed as an agent of some sort for the company. You should be able to have someone do this for you for a small-medium sized fee. Once you have that, do everything in the company’s name and ideally with separate phone numbers, email addresses, online accounts, bank accounts, and physical addresses as anything tied directly to you.

Some of that is to protect yourself financially and legally, but there are some obvious privacy benefits as well. Anything beyond that should be dictated by your threat profile.

As always though, follow best practices when it comes to security! Use strong passwords and use multi-factor authentication when possible (or ideally, use passkeys). Don’t reuse passwords (and ideally, don’t reuse email addresses for multiple accounts). Avoid clicking links in messages when possible. Don’t open suspicious documents (especially if they are unexpected). Verify the authenticity of any new person/business you interact with (especially if they contact you first). Be vigilant of all forms of phishing attacks.

Another piece of advice (that you didn’t ask for, sorry!) - if the process of making art is the thing that brings you joy and the materials are not too expenses, then just focus on making the art without selling it (at least for a while). At worst, you will realize that maybe this isn’t as enjoyable as you thought it would be with the added benefit of not needing to deal with all the troubles of working through all the legal/financial/privacy protections. At best, if you decide to get serious about selling it then you’ll have a larger product inventory and better understanding of what you like making most. It may also help you understand what you should price everything at (assuming you’ve made some of the items in larger quantities).

Thanks for the response!

Sorry to hear about the frustrations regarsing F-Droid, but glad to hear it will at least be on IzzyOnDroid. Excited to check it out once it’s available on there!

Excited to see the app develop over time. I bet Pinepods will be able to meet all my podcasting needs sooner than I can imagine.

Thanks for the update! Really appreciate all of the work that has gone into this.

A few quick questions:

• Will the Android app be available on F-Droid? It looks like it should/will be, but I don’t see it on F-Droid at the moment.
• Is it possible to download episodes from a Pinepods server to a local device via a Pinepods client so the episodes can be stored on something externally, like a USB drive or old MP3 player? If so, can all/multiple episodes on the server for a podcast be downloaded without having to manually select each episode? The only download options that I have seen are for the server to download the episodes from the podcast’s source.

I believe Google plans to use Google Play Services to block side loaded apps. By default, GrapheneOS does not come with Google Play Services installed. I am not sure how things would work if the sandboxes version of Google Play Services that GrapheneOS provides is installed.

The issue about maintaining/updating GrapheneOS is a separate issue from side loading apps. That was due to Google shifting the development of Android to a closed source model and only open sourcing the final code. This limits the Grapheme team’s ability to anticipate changes and make any required adjustments until after the release of Android.

Congrats on getting everything working - it looks great!

One piece of (unprovoked, potentially unwanted) advice is to setup SSL. I know you’re running your services behind Wireguard so there isn’t too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you’re more likely to run into issues with services not running on HTTPS.

The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (ie people won’t know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).