but an attacker isn’t obliged to take on all the open ports, he could work with some of them - the ones that may seem the most interesting to him

Ok, back to this then:

If everything reports open then what ports do you focus on first?

I don’t see an issue here. An attacker would be overwhemed with choise and excitement so that he wouldn’t be able to decide which port to choose first, get stuck for a several months unable to decide? He’d toss a coin then.

You can’t pretend-close it and still have that service work.

indeed, a service on a port would no longer properly work. However, pretending that an open port is closed is possible by interserping syn packages.

No!

If everything reports open

not every port but some of them

how so?

It’s got CLI too - alright. But is it any de-facto, mature, well-known, widely used? What gurantees that it’s as secure as openssl or gpg? It might have plenty of bugs and vulnerabilies.

1. backups, non-incremental ones
2. prevent others from viewing information that may be sensitive
3. encrypted files and directories will then be copied over to external drives and third-party servers

re-read my question carefully

“I don’t want to encypt them in-place because I’ll be uploading them onto a server, copying them on an external drive.”

I don’t want to encypt them in-place because I’ll be uploading them onto a server, copying them on an external drive.

the fact that you like it doesn’t make best or even decent in terms of privacy