To be fair, any proper VPN setup that only relies on the routing table like this is flawed to begin with.
If the VPN program dies or the network interface disappears, the routes are removed aswell, allowing traffic to leave the machine without the VPN.
So it is already a good practice to block traffic where it shouldnt go (or even better, only allowing it where it should).

As far as i understood tailscale funnel its just a TCP-tunnel.
So you handle TLS on your own system, which makes sure tailscale cannot really interfere.

If you already trust them this far, might aswell do the same with a VPS and gain much more flexibility and independence (you can easily switch VPS provider, you cannot really switch tailscale funnel provider, you vendor-locked yourself in that regard)

I'd connect the VPS and your home system via VPN (you can probably also use tailscale for this) and then you can use a tcp-tunnel (e.g. haproxy), or straight up forward the whole traffic via firewall-rules (a bit more tricky, but more flexible.. though not that easy with tailscale.. probably best to use TCP-tunnel with PROXY-Protocol).
This way you can use all ports, all protocols, incoming and outgoing traffic with the IP-Address of the VPS.

Tailscale might even already have something that can configure this for you.. but i dont really know tailscale, so idk..

And as you terminate TLS on your home-system, traffic flowing through the VPS is always encrypted.

If you want to go overboard, you can block attackers on the server before it even hits your home-system (i think crowdsec can do it, the detector runs on your home-system and detects attacks and can issue bans which blocks the attacker on the VPS)

And yes, its a bit paranoid.. but its your choice.
My internet connection here isnt good enough to do major stuff like what i am doing (handling media, backups and other data) so i rent some dedicated machines (okay, i guess a bit more secure than a VPS, but in the end its not 100% in your control either)

Windows has a request assistance function? wtf.. where is that found?
I only know Remote desktop tools and most of these work perfectly fine on linux as the client or even under Wine.

[Edit: woah, i did some rambling below here.. not related to your specific case here, but some nice information maybe]

Linux as host is where it gets funny.. bigger ones support X11, pretty much none support Wayland.
To be fair, its impossible to control mouse and keyboard under Wayland without root.
I think we now have some new desktop packages for gnome and kde which can do that, so now they need to be implemented.

But i dont see an effort being made for Wayland by the bigger providers in the near future.. the market just isnt there and there is lots of uncertainty with the featureset.

Switched to Rustdesk a while back, works nicely as client, but only picture output with wayland as host.l as of now.
And i cannot copy&paste under wayland as client.. even though it worked before..

5 years ago.. so probably not a very fair comparison, condiering all other prices went up too..

WebCord is a beast! Maybe runs better for you.
Basically Discord desktop client experience, but privacy (well.. as much as you can have with discord) from the browser-version. (minus discord desktop client exclusive features of course)

You basically have a usb-stick with the windows installer.. stick it it.. boot from it (usually F12 or F8 at start brings up the menu).. and follow the steps on the screen.. and thats it.
But if you are unsure you can also pay like 20 or 30$ for some shop to do it for you.

more time into crafting the right prompt

Thats not work to you? My company pays me to spend time to do the right thing, even though most of the work does the computer.

I see where you are going at, but your argument also invalidates other forms of human interaction and creating.

In my country copyright can only be granted if a certain amount of (human) work went into something. Any work.
The difficult part is finding out whats enough and what kind of work qualify to lead to some kind of protection, even if partial.
The difficult part was not to create something, but to prove someone did or didnt put enough work into it.
I think we can hold generated or assisted goods to the same standard.

Putting a simple prompt together should probably not be granted protection as no significant work went into it. But refining it, editing the result.. maybe thats enough, thats really up to the society to decide.

At the same time we have to balance the power of machines against human work, so the human work doesnt get totally invalidated, but rather shifted and treated as sub-type.
Machines already replaced alot of work, also creative ones. Book-printing, forging, producing food.. the scary part about generative AI is mainly the speed of them spreading.

Downloading from youtube is piracy? How? If it was like a Youtube Red show, sure, but the normal videos everyone can see for free?

For me piracy begins with aquiring things or features which usually cost money to get whilst also taking into account if its obvious a thing should cost money in such an environment (thats also how our piracy laws are worded here).

So our piracy laws also classify things as piracy if it was obvious the deal was too good to be true like Windows for 2$ on eBay or chinese ROM cards for 5$ with hundreds of games.

Videos on youtube, including music, are a normal occurrence. A full blockbuster movie is usually not.

Probably depends on who can force who to which extend and gain how much.
I'd argue the US still has the most control, may that be good or bad..

I dont want my data with any of them, so i prefer smaller alternatives, designed to be more secure, but probably also more of a hassle if stuff breaks..
Sadly these giants probably still get plenty of data because they control most of the internet.

One at a time, but comparing A to B, because B is also doing bad things doesnt negate nor justify the impact of A, which in this case, i'd say is worse.
Yes, I believe it is slightly preferable to be under surveillance by an unstable democracy with a history of disregard for other nations laws, than to be monitored by China’s Communist Party, which has previously used such data for oppression and manipulation.

Though i agree and would make, if possible, both responsible for their actions and control over others. And here it also seems, there is more control over the big sea than in Asia, making one marginally better than theother.

If its only you and you want best security, setup a VPN system. (Tailscale, Netbird, or others are quite easy)
If someone else should also, and you dont want everyone to have to use a VPN, then you can expose some services directly. Of course behind CGNat you need some third-party system to allow this (e.g. cloudflare or a rented server).

I am not a big fan of cloudflare, they are a huge centralized company, easily allowing tracking across websites with clear-text access and kinda discouraging learning how to secure things yourself (which you have to do anyways, because you are a service provider and only cloudflare is not enough if its still publicly accessible though them)
But in the end its your choice. They easily allow you as service provider to protect yourself from DDoS attacks or allowing IPv4 access when you are behind CGNat, things you just cannot easily do yourself, certainly not without costs.

duckduckgo search is certainly not open source.
Chrome also isnt open-source.
Chromium is, but Google mainly uses it to gain size and push standards that benefit them.