AppArmor policies are generally much more permissive than their SELinux counterparts. Sure, from a user's point of view it's "better", but from a security perspective it's worse.
andreluis034
If you have confidential compute (Intel TDX or AMD SEV) available from the cloud provider then it is feasible, provided you trust the CPU manufacturer. They should provide capabilities that allow you to perform remote attestation and ensure the virtual machine is running in the protected mode. Hypervisors running these types of machines usually can't access the memory of the virtual machine, not even the registers.
Of course, nothing guarantees there won't be a vulnerability that breaks it (e.g. side channel attacks), but right now the technology exists where you can run software in the cloud, protected from the provider.
Personally, I think this is great because I can now use my Game Pass subscription on the Steam Deck. I know I could use the cloud functionality on SteamOS, but it is not the same.
This limitation made me realize the vendor lock-in that Game Pass is. Sure, it provides awesome value, but it forces you to have Windows or buy an Xbox.
Are you using HTTPS? It's highly likely that your domains/certificates are being logged for certificate transparency. Unless you're using wildcard domains, it's very easy to enumerate your sub-domains.