

Docker uses LXC. LXC is actually at the core of many container engines.
Yeah I saw that plugin a few years ago and it was not ready for production yet.
I am going a whole different route, but have the same motivation: get rid of docker and improve the security.
I will move from docker compose to Nomad. And I will also not use containers themselves anymore. I want/need more security. You can achieve this with MicroVMs (Firecracker). However, you would need to build those VM images yourself. But there is a solution to it. Kata Containers. They allow you to deploy OCI-compliant containers into separate MicroVMs. Then you have true isolation from the host kernel, while not losing much start-up time.
It sucks to migrate to podman if you have been using Docker Compose heavily.
Also, updating is done with `docker compose pull` and `docker compose up -d` every 24h via cronjob.
Threema. And don’t forget, real privacy and security, with centralized services, is never free. The app is tested by a third party and is open source. And, you don’t have to share your phone number, unlike with Signal.