It sounds like your main concerns are your IP leaking to instance operators? Valid. The most private way with the least absolute hassle, in my mind, would be to just use an account on an existing instance but only ever access it via Tor or a a VPN over Tor if Tor is blocked by most instances. Haven’t checked. Can be a commercial VPN or a VPN on a VPS you have, but if you’re going for broke then only something setup and paid for anonymously. So via Tor or public wifi networks with a wifi cannon with random MAC & taking care to avoid cameras, and paid with XMR or a prepaid debit card bought with cash at a shop without CCTV, preferably months or years earlier if there’s cameras in the area.
1.) some websites state that lemmy prefers you to have one user server (that is 1 server with only 1 user ) , but somewhere else i read that you need to whitelisted by servers to allow you to post on their community
Having federation default to deny or default to allow new instances is up to the operators of existing instances. Unless there’s a central place like (join-lemmy.org) which can aggregate these settings automatically I think you’d have to do some digging.
3.) can i use duckdns or no-ip to get a subdomain and then host matrix /lemmy server there , how safe /applicable is that
Dynamic DNS services should be fine, unless operators of large instances start blocking them. Lemmy instances are identified by their full domain, including subdomains, but if it became a common abuse/spam vector then there’s no guarantees.
I definitely believe in tests but it’s always an uphill battle to convince resistant devs. Even when the implication of failures for end users could mean death or spending years in a cage.
In businesses, I’ve only seen testing take off when it was properly budgeted for devs who already believed in it, or when the org hired test developer(s). And that was an org that had 100+ “testers” contracted, who’d literally click through the screens and note defects. So automated testing was an obvious cost savings.