Usually they’re normal x86 PCs with nothing unusual about them so just your Linux/BSD distro of choice. You can look up the processor model to see what crypto acceleration it can do, or see if there’s any wireguard benchmarks available.

Some have interesting processors like PowerPC, or other strange hardware, but avoid them unless interesting is what you’re after.

You have the pi, give it a go.

If it’s inadequate then i’d recommend a used fanless thin-client type PC, such as a Wyse 5070, just make sure it comes with PSU and a few GB of RAM and SSD. And check reports of how much power it uses at idle.

• IMAP mailboxes can be shared between users: https://doc.dovecot.org/2.3/configuration_manual/shared_mailboxes/shared_mailboxes/
• A contact email address could feed into an issue tracker / ticket type system.

Ok, it’s beginning to look like bad UI design on accounts.firefox.com:

If I click sign in at monitor.mozilla.org, it redirects me to an oauth process hosted on accounts.firefox.com which prompts me for my password then sends me back to monitor.mozilla.org.
The settings page at accounts.firefox.com then lists Mozilla Monitor under “Connected Services - Everything you are using and signed into” along with all my browser/device instances. But it doesn’t disappear when signed out from monitor.mozilla.org in the same way that a browser instance disappears when signed out from sync browser-side.

I’m supposing that list does not indicate what has access to sync data, which as far as I understood uses its own strong private keys browser-side which are never shared with the servers.

I’ve seen no documentation that Mozilla Monitor works by accessing one’s sync data.

The interface suggests that it only monitors email addresses manually added on monitor.mozilla.org’s UI.

Yes, I was aware of that at the time, and I probably assumed that my browser would be hashing each piece of data (e.g. each email address or username) before sending it to Mozilla Monitor or haveibeenpwned.

What concerns me is Mozilla Monitor appearing in the list of devices/browsers synced, each of which is implied to have cleartext access to all the data I decide to sync (bookmarks/history/tabs in my case, logins+passwords and more for many other people).

Most mass-marketed VPN services (the type marketed for accessing the internet) allow you to VPN into their private subnet where the thing you can access is their gateway router (which you use in place of your home gateway router/modem for connecting to the internet). You don’t need a VPN service to use VPN software between two points you control.