Imprint9816
@Imprint9816@lemmy.dbzer0.com
- Comment on Privacy Guides is Hiring 2 weeks ago:
Keep up the charade, need to slim the herd before the 1st round of interviews.
- Comment on Bitwarden has launched a new authenticator app 6 months ago:
Lol OK. Seems like it's too much for you to consider you poorly communicated your point anyway.
- Comment on Bitwarden has launched a new authenticator app 6 months ago:
I think if people read that comment and think they are being called dumb, that’s completely on them and probably a good time to look themselves in the mirror.
Nothing wrong with the design. It's literally just making things easier at no cost to the user.
- Comment on Bitwarden has launched a new authenticator app 6 months ago:
“Basically then it degrades to a very strong password that can’t easily be phished.”
I’m disagreeing with this, in that you are still (hopefully) using 2FA with your vault. Therefore whatever you're accessing in that vault, whether it's a TOTP token or a password, is still protected by MFA and not just a “very strong password”.
Putting a TOTP token inside a vault protected by a strong password and another form of authentication is no less secure than having it be separate from the vault.
- Comment on Bitwarden has launched a new authenticator app 6 months ago:
Not really. You still should be using MFA to access the vault itself before you can even get to the Token.
- Comment on Bitwarden has launched a new authenticator app 6 months ago:
Yes but you would still have 2FA.
You would still be using 2FA to access your vault. So in effect anything in that vault has more than 2 factors of authentication as it requires MFA just to get to the password.
- Comment on Bitwarden has launched a new authenticator app 6 months ago:
This seems more like a user issue than a security issue. If you are avoiding this feature because you have to idiot proof your security against yourself, you're probably going to be compromised at some point anyway.
This seems easily avoidable by:
- Just having the vault timeout be set low and to logout.
- Not leaving your password manager unlocked and unattended (wtf are you thinking lol)
- Comment on Bitwarden has launched a new authenticator app 6 months ago:
Seems a bit odd to roll this out without having the ability to import from other authenticators. Feels like a pretty basic feature.
- Comment on Bitwarden has launched a new authenticator app 6 months ago:
Why do you think it's not safe? If you trust Bitwarden to protect your passwords what exactly do you think is going to happen?
Even if Bitwarden is compromised in some way, all that data is still encrypted and would still be highly unlikely to actually be accessed.
The only risk is if you use a bad master password. Which is the biggest risk of using a password manager regardless.
- Comment on Standard notes: what about don’t put all your eggs in one basket rule? 7 months ago:
You seem to be avoiding the fact component, which is they have proven through audits their security is what you would want in a service that holds your data, and have decided to instead rely on one instance that has nothing to do with the issue and your own feeling of how companies operate (FUD).
- Comment on Standard notes: what about don’t put all your eggs in one basket rule? 7 months ago:
My point is Proton did something every legit business would do.
If your threat model is such that governments are going after you, you should be aware enough to not create an email with an IP that identifies you.
- Comment on Standard notes: what about don’t put all your eggs in one basket rule? 7 months ago:
Not every concern is, but ones where concern is based solely on fear and hypotheticals are. This all eggs in one basket line of reasoning is FUD and has no real bearing in reality.
- Comment on Standard notes: what about don’t put all your eggs in one basket rule? 7 months ago:
Proton can see my traffic. I already know that. Any VPN provider you use could. It's not that I trust Proton implicitly, it's that I trust them more than my ISP that would be able to see it if I did not use a VPN. Couple that with their record of audits and I'm not sure what else you could expect from them.
- Comment on Standard notes: what about don’t put all your eggs in one basket rule? 7 months ago:
It doesn’t matter what is being discussed, if it's about Proton the email incident gets brought up. Here is the deal. No major company is going to break the law for its users. Had the activist been using Proton VPN to create and access their email, Proton would not have had the info they were forced to give up. The takeaway from the story is bad opsec is usually what gets people caught.
Whether you use Proton or someone else you will need to trust that service. If you don’t trust them, don’t use them. It's that simple, no need for conjured up FUD excuses.
- Comment on Standard notes: what about don’t put all your eggs in one basket rule? 7 months ago:
If all your eggs are encrypted, having those eggs in one basket or five doesn’t matter from a security perspective. It's the same reason you wouldn’t split up your passwords to multiple password managers.
- Comment on Standard notes: what about don’t put all your eggs in one basket rule? 7 months ago:
“All security is porous” is FUD pure reasoning and completely disregards the security audits Proton does to make sure it's not anything like LastPass.
You are also assuming if Proton was breached that it means all encrypted data would be available to the malicious party, which is also extremely unlikely.
- Comment on Standard notes: what about don’t put all your eggs in one basket rule? 7 months ago:
This whole line of thinking seems to be based on FUD more than anything else.
There is no evidence or reason to believe some major compromise of Proton will happen.
- Comment on FOSS app store for iOS? 7 months ago:
Why? FOSS apps can still charge money. Remember it's free as in freedom, not free as in free beer.
- Comment on Is Proton Unlimited Worth renewing? 11 months ago:
You may want to check out AirVPN - great port forwarding implementation.
Long history of being privacy respecting but they don’t do audits (which is a super big deal to some).
Just make sure to use the WireGuard client as their own client kind of sucks.
- Comment on Is Proton Unlimited Worth renewing? 11 months ago:
Mullvad is the gold standard if you don't need port forwarding.
You may want to look into Filen - I know they have had issues with them not using the best encryption methods. Just remember “lifetime” refers to the life of the service (which they can change at any time) and not your lifetime.
- Comment on Is Proton Unlimited Worth renewing? 11 months ago:
Lmao how many times are people going to misrepresent the Proton email issue
- Comment on Is Proton Unlimited Worth renewing? 11 months ago:
Depends on your use case.
I know for me, I don’t need all the services Unlimited offers.
I created separate accounts for the services I use as they don’t allow you to bundle only specific services together (i.e. just Mail+ and Drive+ together). This ends up saving a few bucks.
- Comment on Looking for a website like tracker control app 1 year ago:
Oh for sure but I don’t think the uBlock extension works for Vanadium
- Comment on Looking for a website like tracker control app 1 year ago:
Cool site. Scored 92% using Vanadium browser on GrapheneOS
- Comment on AirVPN discloses server seized in 2015 1 year ago:
Yeah disclosure is always good, it's just odd the way they handled it:
- no official post
- makes the announcement as a reply to a forum post (which came off like they weren't even planning to disclose at all)
- all of a sudden has a 7 year wait time on disclosures
- not written super professionally (I tend to assume English is a 2nd language for the staff but still, as an organization the staff should be a bit more refined).
- Comment on AirVPN discloses server seized in 2015 1 year ago:
Yeah the whole thing is odd, especially since they disclosed it as a response instead of in the disclosure thread the first comment mentioned.
- Submitted 1 year ago to privacyguides@lemmy.one | 12 comments
- Comment on Which country treats privacy at worst ? 1 year ago:
Lol this country has some of the best state sponsored hacking groups and has a nuclear weapon. It's not like they are living under a rock technologically. The government just doesn’t provide much of anything to its citizens, as a form of control.
- Comment on NoScript Blocking Yubikey? 1 year ago:
Thanks! Enabling webauth did the trick!