Also the “auto normalize” option (true by default and only shown in advanced settings) can mess-up with your source files. Mouting source files read-only won’t work either as it is creating files in source folders.

Sounds overkill just for backing up files.

Agree on Wireguard. It is faster, more stable and most likely more secured than SSH. And it will work with any application (no per-application configuration required). Without a third party tunneling service, you will need to expose a port in any case (you can setup port-knocking if you want to).

DHT is autonomous and does not require a tracker. Usually it is only used as a fallback as a regular tracker is quicker. It’s p2p, and is split accross people hosting it.

I use BTRFS for the same. Being able to check for and repair silent corruptions is a must (and this is without needing to read the whole drives, only the actual files). I’ve had a lot of them over the years, including (but not only) because of a cheap USB controller also.