My main use case is using it to protect my exposed Home Assistant instance in a way that doesn’t require a VPN that family can screw up. I can just install the cert into the app for them and it Just Works. I also use it for my own Gotify notifications.
As a more general rule, I apply it to anything I want to expose but can’t easily protect using OIDC logins. I used to put more behind it, but I recently opened up my services to friends and family, so I moved to using Authentik as my primary defense for most things. mTLS was great when it was just me, I can easily install the cert into my own browser and all of my Android apps (except Firefox Android…) but friends and family just zone out when I explain why their new phone doesn’t connect, so I had to adjust my systems to compensate.
It’s really easy to change your positions when there were never any principles behind it either way.
This is what I’m so desperate for people to understand: these are empty people. In terms of politics, they don’t have beliefs in the way you and I do. They have hollowed out that part of themselves. This is why debate or the introduction of new facts never changes their minds, because it never made up their mind in the first place. Such a change requires your positions to be propped up by genuine belief in what you think is the right thing, where that prop can be knocked over.
These people belong to a team, a clan, a cult, however you want to phrase it. The only thing that matters is that their side is in power and uses that power to act against those who aren’t. Any means to that end is valid to them. They’ll happily switch to whichever position is most convenient for them without missing a beat. They’re only justifying it to you to keep you busy and distracted, they never really believed a word they said. They just chose the words they thought would be most effective to win.