While this may not be what you're looking for, it's worth mentioning that a good ol' pencil and paper does wonders. It won't have everything you need, but you can time how long you ran for with a stopwatch, count how many pushups you do, manually measure your pulse, etc. If you're good with data processing you can stick the data in a spreadsheet and process it to see your progress. The bonus is you'll learn a lot more about health through doing it yourself. Besides that, I've never used a smart watch or fitness tracker. I've just exercised until I get tired.
If you completely lose your password to your vault there is nothing you can do, simple as that. Don't lose it.
Unfortunately, as mentioned in the post, there are some ways to lose access to your password that are out of your control. Furthermore, the more places you store your password the less secure it is. It would be a lot easier to be able to authenticate with multiple authentication methods individually, than to rely on having access to all of them at once. That's the problem I'm trying to address here.
Cloud-based sync is incredibly easy with self-hosted cloud, as pointed out by the KeePassXC FAQ. Self-hosted cloud is effectively a local solution.
It is still subject to the issues listed in the 3-2-1 rule, however the goal of self hosting itself conflicts with that rule (since the rule dictates the use of off-site cloud storage). I will note, it does somewhat solve the issue of keeping database backups, as any device pulling from the local cloud server effectively becomes a backup of your database.
Most passwords can be converted to passphrases to help you remember them. A password "8pmfvt3bww7t" could be remembered as "8 pandas might find vases that 3 bears will wash 7 times." Obviously not all passwords will work for this, but it's a good way to remember random strings. Passphrases are long in characters but have an entropy dependent on how long your wordlist is. For example, 3 words might be 20 characters, but it's easy to guess 3 words since you're not going character by character.
That is a really interesting method! Thanks for sharing, I've learned something new. A way to solve the stakeholders unlocking it would be to also require the admin's own credentials plus 2 (or however many) stakeholder credentials to unlock it. However, that could cause stakeholders to target the admin.
they don't even know they're trying to guess words in the first place.
That is true, but the math is still the same regardless.
Suppose you had a word list of 1,000 five letter words. Each of your passphrases is 5 words long. That means you have 1,000^5 possible combinations of passwords, which is an entropy of ~49.8 bits. Even though each passphrase is going to be 29 characters long (5 five letter words plus 4 spaces in between), the password wasn't generated character by character.
By contrast, suppose you used all 95 characters on the (US) keyboard, an 8 character password has 95^8 combinations, which is an entropy of ~52.6 bits. Even though the passphrase has 21 more characters than the password, the password still has more entropy.
Big grain of salt here: You can get a huge word list and remember much longer passphrases easily, but the point is to show that the number of characters doesn't dictate the security of a password. If someone were to brute force a passphrase character-by-character, it would hold up very well, but a) Not many people use passphrases and b) It's far more common to use password dictionaries than to brute force.
P.S. If someone found your word list, they could probabilistically brute force your passwords. For example, if 75% of your five letter words started with the letter S, they could deduce that most of the words likely start with S, and they've already eliminated a few characters to brute force.
The reality is the password guesser has a string of 29 characters.
Actually, not even that. It would be hashed as a fixed length (256 bits usually).
Again, most of what I was saying was just for the sake of an example to show that under the right circumstances the length of a password doesn't dictate its security. Even if it's an extreme, security is only as strong as its weakest link. I'm not denying that it can be unrealistic, and I'm not saying it's insecure (hence the "grain of salt" section that addressed all of your points), I'm just showing how it could be possible.
As long as you generate your passphrases properly (i.e. making sure they still have high entropy and don't fall into the same pitfalls I listed, in case someone still decides to brute force your password as a passphrase), you can have a very secure passphrase. However, as far as sheer entropy goes, passwords have more entropy in a more compact space and are better in that respect.
P.S. Some applications have a character limit, meaning you'll get more entropy out of a password than a passphrase. You might accidentally get weak entropy in a passphrase because of the character limit.
I've noticed that ads are absolutely everywhere, and wanted to post this to disillusion some of the places we see ads but don't realize. It would be harder to make a list of places you don't see ads....
SimpleX Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations....
I've been a fan of SimpleX for a while now. Privacy comes at the cost of convenience, and SimpleX is the most private messaging platform according to this spreadsheet.
(Last I checked) From this spreadsheet, Discord is the fourth worst messaging platform in terms of privacy. Now a new row for "Has ads" will have to be added...
I'm concerned about the privacy implications of DNA testing services like 23andMe or AncestryDNA. What are the potential risks of sharing our genetic data with those companies, and are there any privacy-focused alternatives available?
That is very helpful, thank you! Is there any benefit to using UDP over TCP? I know TCP is more easily detectable with a port scan, and TCP uses ACK to make sure the data gets sent (and for that reason UDP is usually faster but lossy). How does that fit in with the context of DNS queries?
This was very helpful, thank you! While I'm well aware of encrypted messaging apps, it seems more beneficial to encrypt all traffic, since not all traffic is just messaging and not everyone uses encrypted messaging apps.
Why would they put in the effort when anyone who cares about secure communication just uses an encrypted messaging app?
Because not all traffic sent through cellular is messaging. People visit websites and whatnot when they're out-and-about. Not to mention that not everyone uses secure messaging apps.
Having lived in the U.S. my whole life, (and this doesn't speak for everyone), it's not the dystopia people make it out to be all the time. In fact, people will likely judge you for wearing a face mask. If you care about hiding your face, sunglasses and a cap is enough. Remember to be reasonable with your threat model!
Part of me wants to download my music from Spotify and store it somewhere, but iPhone Drive isn't the greatest when it comes to that. Maybe somebody has (free/FOSS) suggestions?
I remember I tried out Spotube on my computer but the code wouldn't work.
It's buggy, but it works good enough with some effort.
How does Graphene differ from Lineage, in any way that it is preferable?
This table compares Android ROMs based on a lot of metrics. Basically, Lineage isn't as private as people think, but Graphene does it proper. Let me know if you have specific questions :)
When you visit a website without using a VPN/Proxy/Tor, the website can see your public IP address. That public IP address is unique (with exceptions I'll get to in a moment) to your home router. NAT means that each device connected to your router (Wi-Fi) has a local IP address, hidden to the website, but your router's IP is still unique to the website. That means that, even if you switch devices, if you visit a website using your home network the website knows that it is your Wi-Fi and not somebody else's. That means that you can get tracked across websites just by correlating public IP addresses. Ads can see this IP address too. The public IP address by itself is enough to narrow down your location to the exact city, in most cases. So, when you visit a website, the website knows:
1. The city you live in
2. Can correlate your public IP address (ad networks usually do this, not the website itself) to all the other websites you've ever visited
If your ISP uses dynamic IP addresses, that means your public IP address changes every month or so, so that #2 only has a history of about a month. CGNAT (Carrier-Grade NAT) means that multiple routers share the same public IP address, which removes #2 altogether. This still lets websites know the city you live in, but it reduces mass internet surveilling.
I may have gotten a few minute details a bit off, but that's a basic shake down of how it works. TL;DR: Your IP can uniquely identify each of your devices if you don't have NAT, your router if you do have NAT but not CGNAT, and the city you live in. Find an ISP that uses IPv6, dynamic IP addresses, and CGNAT, and use an elite proxy, free VPN, and Tor with a private DNS for maximum privacy.
Pleasure to finally meet you, albeit under less than ideal circumstances. I've been anonymously surfing this community for the better part of a year now, and only made an account in the past month. Your name has shown up a lot in most of the notable comments I've read. You've grown quite the reputation, even spreading to friends I know from other communities. Again, nice to meet you. Would you like to have a constructive and calm discussion regarding your concerns?
I've tried Qubes in the past, and I'm not ready to tackle the learning curve yet. I want Secureblue to be the bridge to learning Qubes first.
I've switched Proton for Mullvad VPN, because I really like the idea they are going for
I've considered using it from a fingerprinting perspective, but I don't have the finances to switch yet.
I think that in general I'd recommend just getting a cheap laptop/NAS and run your own Jellyfin, and slowly start building your own music collection.
Thank you for your openness to a rational discussion! For transparency's sake (since I have a firm belief that correspondence with higher powers should be publicized), I am willing to address your points one by one publicly.
TailsOS is not for "fun" purposes.
While you are correct that Tails is not designed for entertainment purposes, because I have a passion in technology and privacy alike, I find it an enjoyable experience to use Tails, learn about some of its features, and overall have a peace of mind that none of my "shenanigans" will affect my daily operating system.
I use a Faraday bag to store my device when I'm in public
Nobody uses their phone like this. When you stop using the communicator as a communicator, you have made the phone essentially a glass brick you lug around for no purpose.
I hardly use my phone for communication purposes, as phones have been designed to be used for a multitude of different tasks. Some of these are: gaming, photography, a calculator, note-taking, music streaming, and many more. Phones today are essentially used as portable pocket computers. While I do use my phone for communication, I am not constantly in contact with people in my social circle. It's a healthier way to use a digital device, because it means when you are at work or with friends, you aren't constantly distracted using your phone. This helps me to live the moment, and be present. The Faraday bag adds extra security while doing so. I am by no means telling you how to use your phone, but that is how I use mine. After all, it's my phone, not yours.
This was a poke at this comment: "If you want paranoid levels of security, consider following the NSA's Rule of Two, which means two completely independent layers of encryption."
Thank you for providing helpful links! While I am well aware of the privacy invasive nature of iOS, I currently don't have the funds to switch to my preferred alternative, GrapheneOS. This is my personal preference, and YMMV.
GrapheneOS is complete snake oil. Read more here to know about "security" cultists in FOSS/privacy community.
It's not very appropriate to discriminate against a group of people, even if their views do not align with yours. They are still people, after all. While I don't share your views about GrapheneOS, I do appreciate providing sources to back up your claims. Kudos to you for using old.reddit.
This post is a massive joke.
This is not nice and does not contribute to the post at all, and is therefore unnecessary. If you have negative opinions regarding a post, consider simply downvoting and potentially having a conversation with the creator (me) about it.
This person made a rough guide, and not merely shared their own setup.
If my post has been perceived as a guide, I apologize. It was not my intention. I'm not exactly sure if you were referring to a privacy guide, or a guide on how to format answers (which many people have followed). I don't see any parts that encourage people to use the same services that I use (as a privacy guide would), but I could be wrong. Would you mind elaborating with specific examples?
And if someone is going to suggest their setup, let alone a guide, there will be people who pick it apart. Most will be trolls, some will be constructive.
This is the sole reason I placed the rules directly in the post, to discourage that behavior. Obviously it's not foolproof, but it has significantly helped prevent it.
"Hardened iOS" is an oxymoron at some level, for example.
I agree that, in some sense, it is an oxymoron: considering that iOS cannot be fully hardened due to multiple factors. The reasons I chose to use that terminology are explained below.
If you use iOS, stop trying to conform to "cool" privacy notions, and be okay with it.
I tried my best to refrain from using terms that beginner privacy enthusiasts would not understand, which led to certain creative solutions to be used, such as "hardened" as an adjective to describe a more locked-down service. If you have any suggestions on alternatives, I am happy to hear them!
Switch to Android and harden it when comfortable.
I do not have the finances to switch to a device capable of running Android yet. I am doing the best with what I can. Thank you for understanding my situation!
Yes I mocked the post, but I did not berate the user, and I consider it fair enough.
Mocking any content created with detail and care is not a kind thing to do, and goes against c/privacy's 6th rule "Be nice :)", which I am sure you are well aware of, considering you are a moderator in that community.
I come with a lot of privacy/anonymity experience so I suggest things in a more hardline manner, while being able to see through if someone is okay with a more basic threat model. I am not a snobby elitist. I make guides for threat modelling, smartphones and computing.
Interesting! Would you mind linking to a few of your guides? I am very interested in reading them.
"Hardened iOS" and "GrapheneOS" often crosses my tolerance limit.
It is interesting for you to compare hardened Android (which you have stated is preferable) to iOS (which you have stated is not private). Would you mind elaborating on why GrapheneOS is not regarded as highly in comparison to other hardened Android ROMs, in your own opinion? Also, disregarding how privacy invasive Apple devices are, do you believe that Apple's Lockdown Mode (at least) delivers on security features?
It sounds to me from experience that the person is no longer "reachable" in a reasonable manner, unless drums are loudly beaten.
I am happy to hear that I was able to exceed your expectations, with quiet instruments.
One thing I am known for is not abusing mod powers, and giving people plenty leeway. But even then, being the mod, you probably view it as an imbalance
Would you mind elaborating on why I may see your messages as an imbalance, as a result of your status as a professional moderator of this community?
If it is a simple debate in public, I welcome it as well.
I am glad you are open to a clean, transparent discussion. I look forward to hearing from you.
I cannot promise an immediate debate unless I am free, given my life circumstances, but we can try.
That's alright, we all have hardships in the real world. Take your time.
I will admit one mistake, I did not know and assumed Secureblue is a misspelled Silverblue
It is a good quality to be able to admit your own mistakes, and I commend you for that. Until recently, I, too, was unaware as to what Secureblue is.
Nice pick. I use Debian Stable and am extremely picky with what I install, even minimising Flatpak installs and network connected programs.
Thank you! It was actually the community you moderate (c/privacy) that helped me pick it out. I, too, am somewhat picky about my installs. I am currently sticking to strictly Flatpaks.
I am eager to hear your responses! Please, get back to me when you can.
Reading this, my only thought was "This setup is eerily similar to the one I aspire to have." Good job! I may reply with questions if I feel up for it.
SomeOrdinaryGamers has a Deep Web series for the "fun".
Thank you, I'll check it out!
I can attest to that, being my MO as well. Smartphones have made us isolated, anti social and dumber.
The same effects were seen with the introduction of the first commercially available computers.
Either use these terms or just leave them out.
There is nothing wrong with what I said.
Well, for one, they openly harass and witch hunt people (Micay instructed mods in his Matrix chat), and Micay went on to call almost everyone complicit in his claimed swatting attempt in April 2023, for which there is no evidence provided or in media. He also abuses "autism" label to avoid public accountability for his lies and crybullying behaviour.
Linus Torvalds himself has called these security cultists "masturbating monkeys" for the annoying things they do. People like Brad Spengler have been an annoyance to Linux community. And many people dislike the disregard for open source culture, privacy, anonymity and performance in the name of security, since most of them love advocating for corporate closed source security.
All of this is irrelevant to the GrapheneOS project itself. What the creators did had no effect on the focus and implementation of GrapheneOS.
When I get pissed off, I try steering people in a better direction.
That does not excuse your actions. There are kind, constructive ways of helping people in the right direction, what you did was neither of those.
If you use it, use it, but iOS in no measure stands above Android for privacy, security and anonymity purposes.
I never claimed it did. In fact, I implied the opposite.
Have you considered publishing a proper article on a place other than social media?
People often leverage powers to ban or silence debating just to not "lose".
Another way of trying to win a debate would be to blatantly ignore and refuse to acknowledge points brought up by the opposing side. Here are the ones you missed:
If my post has been perceived as a guide, I apologize. It was not my intention. I'm not exactly sure if you were referring to a privacy guide, or a guide on how to format answers (which many people have followed). I don't see any parts that encourage people to use the same services that I use (as a privacy guide would), but I could be wrong. Would you mind elaborating with specific examples?
I agree that, in some sense, it is an oxymoron: considering that iOS cannot be fully hardened due to multiple factors. The reasons I chose to use that terminology are explained below.
I tried my best to refrain from using terms that beginner privacy enthusiasts would not understand, which led to certain creative solutions to be used, such as "hardened" as an adjective to describe a more locked-down service. If you have any suggestions on alternatives, I am happy to hear them!
I do not have the finances to switch to a device capable of running Android yet. I am doing the best with what I can. Thank you for understanding my situation!
Mocking any content created with detail and care is not a kind thing to do, and goes against c/privacy's 6th rule "Be nice :)", which I am sure you are well aware of, considering you are a moderator in that community.
It is interesting for you to compare hardened Android (which you have stated is preferable) to iOS (which you have stated is not private). Would you mind elaborating on why GrapheneOS is not regarded as highly in comparison to other hardened Android ROMs, in your own opinion? Also, disregarding how privacy invasive Apple devices are, do you believe that Apple's Lockdown Mode (at least) delivers on security features?
It seems you ignored over half of my message.
I look forward to hearing the responses you missed!
GrapheneOS is a standalone mobile operating system based on the AOSP. Android's kernel is based on the Linux kernel. If GrapheneOS is not an OS, then you are saying Android isn't one either. Would you mind elaborating on why you believe GrapheneOS is not an OS?
FTC issuing over $5.6 million in refunds from Ring security issues ( www.ftc.gov )
[Solved] Looking for a privacy oriented fitness tracker
Hi other privacy people :)...
How can you prevent KeePassXC database lockouts?
Inspired by this post, I decided to see if I could identify any single points of failure in my own setup....
Google Agrees to Delete Billions of Files Collected in Chrome Incognito ( restoreprivacy.com )
Where are places you see ads?
Why don't people here love SimpleXChat more? ( simplex.chat )
Google agrees to destroy browsing data collected in Incognito mode ( www.theverge.com )
Not sure which news website I should be using for the link, sorry! I'm happy to change it if anyone has a better one....
Discord to start showing ads in the coming week after resisting for almost a decade ( www.neowin.net )
I don't think people on this sub use it, but it's great news for us. The worse it gets the likelier people move on.
What are the risks of sharing DNA?
Looking for a DNS resolver
Hello!...
Why haven't private carriers emerged yet?
All questions are in bold for ease of use....
podcast - The Daily: Your Car May Be Spying on You ( www.nytimes.com )
may be of interest to this community...
Travelling to the US - precautions?
Hi all,...
My Privacy Setup
I just read an interesting and informative post from @Charger8232, and decided to write one of my own....
Improve Your Privacy Setup
Hello, Lemmy!...