Noone is getting tracking information from me. I don't care if the ads are not personalized then because I don't see them anyway.

Fuck off and get a real job, marketing scum.

Because I don't sugercoat idiocy? You had two chances to state simple and correct facts, yet you chose to claim authority over stuff you know jack shit about, being a pompous idiot in the process and now you're all butthurt?

Get off my lawn, kid. Good riddance.

I have no idea WTF you are talking about. A closed TCP port emits an RST. It even says so in the very link you posted:

http://www.tcpipguide.com/free...

"Receipt of a SYN message on a port where there is no process listening for connections."

Next time you try to be a smart-ass, get your facts straight. Idiot.

No, you should be getting a TCP RST.

Do you kids know anything?

The stupidity lies in answering with an A record at all.

Just say there is no address (NXDOMAIN). No useless traffic, no semantics to worry about.

It's always fun to read these posts by people who have no clue whatsoever about routing.

"But if I use publicly routable addresses, my local traffic goes via my ISP!"

Read a networking book, dummy.

As long as this matter is in its current state, I wouldn't even bother thinking about the minute details of the "suggestions" on the page.

This whole thing is just absurdly smelling like Lavabit.

They're not only not convenient, they're also not secure in the sense that in order to work with your data, you have to decrypt it _somewhere_. Unless you secure erase your free drive space after zipping your files back up and deleting the unencrypted copies, I wouldn't consider that data to be secure anymore, at all.

It's not as if 7.1a is suddenly unexecutable...

There is no job you can do if the other party is not trustworthy - other than limiting your communication. All this convoluted header bullshit is useless.

Stop crying for a legal solution when there's a perfect technical one: STOP TALKING TO TRACKING SERVERS! Advertisers had their chance. They failed it. So ignore them and let them sulk in their own bullshit.

You base the choice about which router and firmware to run on a measly side-feature, that also locks you into the router vendor? What. The. Fuck.

My bad. Somehow I was assuming the server is in your home LAN.

It's a common notation among official OpenBSD developers to refer to individuals by their mail user name - without the openbsd.org domain. You see it in almost every commit and in mails when the person's role as an official developer is emphasized.

OpenVPN with --tls-auth protecting the TLS layer. That protection made OpenVPN safe against Heartbleed. Doesn't work if you have untrusted users, obviously.

Don't VPN directly into your LAN. Use a hardened node in a heavily firewalled DMZ and use SSH from there.

OpenVPN and OpenSSH simultaneously having a vulnerability is pretty unlikely.

If you've never heard of him, you're not part of any important "tech community". Period.