I was researching WebMail providers, and noticed that most WebMail providers recommended in privacy communities are labelled as proprietary by AlternativeTo....
I have wondered why they haven’t taken the opportunity to come out with a Graphene-lite for non-Pixels
The issue I see is simply a lack of developers to do so. Trying to split the team between two mostly different projects would most likely cripple both.
This spreadsheet is a very helpful comparison of the different messaging apps. I’ve been using SimpleX for quite some time now, and the only issue I have is some lag on the iOS client.
Very helpful, thank you! Raivo was, unfortunately, sold out to a company months ago. Many people, like myself, flocked to 2FAS. It’s nice to know that other options are popping up.
I’m looking for a way to have a private method for Tap to Pay on GrapheneOS. Ideally I would like compatibility with privacy.com, and if possible have the option for Monero. I don’t mind going through an exhaustive setup process. What are my options?...
9 months ago, Raivo OTP for iOS was sold to Mobime. Raivo was hailed highly in terms of privacy, but was dethroned to 2FAS Auth after that incident. Today, Raivo launched an update, and after updating all of my entries were completely wiped. I didn’t have a backup, but even if I did you now have to pay in order to...
I never want to get a smart TV, but I found this exact TV (Toshiba FireTV) on the side of the road and decided it would be a fun project to try enhancing its privacy as much as I can. It did not come with the remote or any other accessories besides the TV, so if there is any way to pair an iPhone/Pixel as a remote that would...
This is half a decade old news, but I only found this out myself after it accidentally came up in conversation at the DMV. The worker would not have informed me if it hadn’t come into conversation. Every DMV photo in the United States is being used for AI facial recognition, and nobody has talked about it for years. This is...
Many people’s threat models, like my own, are against mass surveillance. This falls under that category, even if it’s being handled responsibly. The issue is people have no way to opt out, and there is a lack of transparency about the use of facial recognition.
Just because mass surveillance is already happening doesn’t mean we should accept it as our only option. While it’s true that governments and corporations are collecting data on us, there is still merit in pushing back against these practices. The point of privacy is not to hide everything and live in the woods, the point of privacy is to have control over what data you share, when you share it, and with whom you share it. The problem isn’t facial recognition itself, the problem is living in the woods shouldn’t be the only way to avoid it. We should be able to opt out. What may seem fine to you is not always fine with others. That’s why threat models exist, after all.
Correct, however this issue primarily affects US citizens, given that driver’s licenses aren’t the only ID the DMV takes pictures for (e.g. the aforementioned Real ID).
Is this because I am using a free tier VPN? so it’s not functioning properly etc…
Free tier VPN services often come at the cost of some privacy and security features, but ProtonVPN will still protect you against IP address leakage regardless.
Else google fixed my location based on my previous location history?
Google stores location information indefinitely, so even if you are using a VPN right now it will still have a history of your real location.
Some other ways your location can get leaked to Google:
Location access for websites
Using stock Android or ChromeOS logged into that Google account
Installing Google apps on your computer
DNS leaks (e.g. through TunnelVision or a custom DNS over your VPN)
WebRTC leakage (this is a technicality and your VPN should protect against this. The uBlock Origin extension also helps)
In an effort to increase my privacy, I decided to buy a Pixel phone second hand to use with GrapheneOS. Due to some miscommunications, the phone ended up being carrier locked with T-Mobile. GrapheneOS’s own website advises against buying carrier locked phones in order to avoid the hassle of carrier unlocking it....
What would keep people from just taking a stolen phone to t-mo to have them unlock it without this?
Phones can be marked as lost/stolen by reporting the device’s IMEI number, but this one was not flagged under any suspicious activity. The owner simply didn’t carrier unlock it, for whatever reason.
You need to make sure the phone is unlocked before you buy it.
The reason I ended up with a carrier locked phone is because of miscommunication that wasn’t on my end. The phone I intended to buy was carrier unlocked.
I’m aware that carrier unlocking and OEM unlocking are two separate things, but apparently I was under the misconception that (since OEM unlocking being disabled is due to a carrier lock) I would be able to OEM unlock after carrier unlocking. Thank you for informing me that that is not the case. Do you know specifically which carriers besides T-Mobile and Verizon disable the setting?
Cellular providers don’t want you being able to switch from carrier to carrier, and to prevent this they make sure you can’t change certain settings like OEM unlocking.
P.S. Android allows you to wipe eSIM data, but I’m not sure how securely it does that.
Having used iOS my entire life, the switch to GrapheneOS will be a big change. I have learned over the past year about Android, GrapheneOS, and apps to use. I managed to find most of the apps I was looking for, but there are some I struggled with. I had trouble finding privacy respecting, open source apps for the following...
Thanks for your suggestions! I guess I hadn’t checked if there was already a backup service built in. I checked out the Linux app for Stremio, and it’s largely just a privacy respecting catalog given that you need to pay for the underlying streaming service, unless you torrent of course.
I’ve found I automatically compartmentalize my mobile accounts from my desktop accounts, so I have never had the need to sync my KeePass database. Do you have any concerns with KDEConnect I should know about?
I have made it a point to avoid iCloud, and occasionally I will find apps that have been enabled to sync with iCloud that were previously disabled. I am the proud owner of a zero kilobyte iCloud account. (And the proud owner of a brand new GrapheneOS device. See you, Apple!)
While this may not be what you’re looking for, it’s worth mentioning that a good ol’ pencil and paper does wonders. It won’t have everything you need, but you can time how long you ran for with a stopwatch, count how many pushups you do, manually measure your pulse, etc. If you’re good with data processing you can stick the data in a spreadsheet and process it to see your progress. The bonus is you’ll learn a lot more about health through doing it yourself. Besides that, I’ve never used a smart watch or fitness tracker. I’ve just exercised until I get tired.
If you completely lose your password to your vault there is nothing you can do, simple as that. Don’t lose it.
Unfortunately, as mentioned in the post, there are some ways to lose access to your password that are out of your control. Furthermore, the more places you store your password the less secure it is. It would be a lot easier to be able to authenticate with multiple authentication methods individually, than to rely on having access to all of them at once. That’s the problem I’m trying to address here.
Cloud-based sync is incredibly easy with self-hosted cloud, as pointed out by the KeePassXC FAQ. Self-hosted cloud is effectively a local solution.
It is still subject to the issues listed in the 3-2-1 rule, however the goal of self hosting itself conflicts with that rule (since the rule dictates the use of off-site cloud storage). I will note, it does somewhat solve the issue of keeping database backups, as any device pulling from the local cloud server effectively becomes a backup of your database.
Most passwords can be converted to passphrases to help you remember them. A password “8pmfvt3bww7t” could be remembered as “8 pandas might find vases that 3 bears will wash 7 times.” Obviously not all passwords will work for this, but it’s a good way to remember random strings. Passphrases are long in characters but have an entropy dependent on how long your wordlist is. For example, 3 words might be 20 characters, but it’s easy to guess 3 words since you’re not going character by character.
That is a really interesting method! Thanks for sharing, I’ve learned something new. A way to solve the stakeholders unlocking it would be to also require the admin’s own credentials plus 2 (or however many) stakeholder credentials to unlock it. However, that could cause stakeholders to target the admin.
they don’t even know they’re trying to guess words in the first place.
That is true, but the math is still the same regardless.
Suppose you had a word list of 1,000 five letter words. Each of your passphrases is 5 words long. That means you have 1,000^5 possible combinations of passwords, which is an entropy of ~49.8 bits. Even though each passphrase is going to be 29 characters long (5 five letter words plus 4 spaces in between), the password wasn’t generated character by character.
By contrast, suppose you used all 95 characters on the (US) keyboard, an 8 character password has 95^8 combinations, which is an entropy of ~52.6 bits. Even though the passphrase has 21 more characters than the password, the password still has more entropy.
Big grain of salt here: You can get a huge word list and remember much longer passphrases easily, but the point is to show that the number of characters doesn’t dictate the security of a password. If someone were to brute force a passphrase character-by-character, it would hold up very well, but a) Not many people use passphrases and b) It’s far more common to use password dictionaries than to brute force.
P.S. If someone found your word list, they could probabilistically brute force your passwords. For example, if 75% of your five letter words started with the letter S, they could deduce that most of the words likely start with S, and they’ve already eliminated a few characters to brute force.
The reality is the password guesser has a string of 29 characters.
Actually, not even that. It would be hashed as a fixed length (256 bits usually).
Again, most of what I was saying was just for the sake of an example to show that under the right circumstances the length of a password doesn’t dictate its security. Even if it’s an extreme, security is only as strong as its weakest link. I’m not denying that it can be unrealistic, and I’m not saying it’s insecure (hence the “grain of salt” section that addressed all of your points), I’m just showing how it could be possible.
As long as you generate your passphrases properly (i.e. making sure they still have high entropy and don’t fall into the same pitfalls I listed, in case someone still decides to brute force your password as a passphrase), you can have a very secure passphrase. However, as far as sheer entropy goes, passwords have more entropy in a more compact space and are better in that respect.
P.S. Some applications have a character limit, meaning you’ll get more entropy out of a password than a passphrase. You might accidentally get weak entropy in a passphrase because of the character limit.
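Added example, not part of the original comments: the entropy comparison and the character-limit point above, worked through in Python. It assumes every word or character is chosen uniformly at random and that the attacker knows the word list or alphabet; the 20-character limit is a constructed sample value.

```python
import math

def passphrase_bits(wordlist_size: int, words: int) -> float:
    """Entropy of `words` words drawn uniformly from a list of `wordlist_size`."""
    return words * math.log2(wordlist_size)

def password_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` characters drawn uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)

def words_that_fit(char_limit: int, word_len: int, sep_len: int = 1) -> int:
    """How many fixed-length words (plus separators between them) fit in a limit."""
    if char_limit < word_len:
        return 0
    # n words need n*word_len + (n-1)*sep_len characters.
    return (char_limit + sep_len) // (word_len + sep_len)

def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def compare_under_limit(char_limit: int, wordlist_size: int = 1000,
                        word_len: int = 5, alphabet_size: int = 95) -> dict:
    """Best passphrase vs. best random password when a site caps the length."""
    n = words_that_fit(char_limit, word_len)
    return {
        "words": n,
        "passphrase_bits": round(passphrase_bits(wordlist_size, n), 1),
        "password_bits": round(password_bits(alphabet_size, char_limit), 1),
    }

if __name__ == "__main__":
    # Numbers from the comment: 1,000-word list, 5 words vs. 95 symbols, 8 chars.
    print(round(passphrase_bits(1000, 5), 1), "bits for the 29-character passphrase")
    print(round(password_bits(95, 8), 1), "bits for the 8-character password")
    # Words required from the same list to match the 8-character password.
    print(words_needed(password_bits(95, 8), 1000), "words to match it")
    # Constructed sample: a site that caps passwords at 20 characters.
    print(compare_under_limit(20))
```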
I’ve noticed that ads are absolutely everywhere, and wanted to post this to disillusion some of the places we see ads but don’t realize. It would be harder to make a list of places you don’t see ads....
Why are most "privacy" WebMail providers labelled as proprietary?
What's the best messaging platform?
Cross-posted from: lemmy.ml/post/16566616...
[UPDATE] Raivo wiped all of my TOTP codes
Previous post...
Tap to Pay on GrapheneOS
Raivo wiped all of my TOTP codes
DeAmazoning a FireTV
Reminder: The DMV uses photos for facial recognition
Does VPNs even work against Big Brother apps? Using one really protects our privacy? (masking our location)
I am currently using Proton VPN (free tier) which is set to Always-ON and Block Connections on disable....
T-Mobile's Forced Arbitration
Looking for some Android apps
When iCloud Won’t Let you Delete Your Data
piped.video/Z9-sJm1lEAU
FTC issuing over $5.6 million in refunds from Ring security issues (www.ftc.gov)
[Solved] Looking for a privacy oriented fitness tracker
Hi other privacy people :)...
How can you prevent KeePassXC database lockouts?
Inspired by this post, I decided to see if I could identify any single points of failure in my own setup....
Google Agrees to Delete Billions of Files Collected in Chrome Incognito (restoreprivacy.com)
Where are places you see ads?