Even they would tell you that using sandboxed google play and the g cam app is a better experience if your looking for more then just snapping a photo on your phone though. As obnoxious as they can be on mastodon they are pretty honest with the limitations of their apps due to it not being as high of a priority.
Let be honest, If your threat model is truly to escape the NSA you probably shouldn’t be risking being on social media.
I think part of the reason people dismiss the idea that someone could have that big of a threat model is in most cases it would be unbelievably bad opsec to risk talking about your threat model on social media or something like the privacy guides forum.
I really appreciate privacy articles that talk about threat modeling as it seems like its the biggest part of privacy people miss.
Lol OK. Seems like its to much for you to consider you poorly communicated your point anyway.
I think if people read that comment and think they are being called dumb, that’s completely on them and probably a good time to look themselves in the mirror.
Nothing wrong with the design. Its literally just making thing easier at no cost to the user.
“Basically then it degrades to a very strong password that can’t easily be phished.”
I’m disagreeing with this, in that you are still (hopefully) using 2FA with your vault. Therefore whatever your accessing in that vault whether its a TOTP token or a password is still protected by MFA and not just a “very strong password”.
Putting a TOTP token inside a vault protected by a strong password and another form of authentication is no less secure then having it be separate from the vault.
Not really. You still should be using MFA to access the vault itself before you can even get to the Token.
Yes but you would still have 2FA.
You would still be using 2fa to access your vault. So in effect anything in that vault has more then 2 factors of authentication as it requires MFA just to get to the password.
This seems more like a user issue then a security issue. If you are avoiding this feature because you have to idiot proof your security against yourself, your probably going to be compromised at some point anyway.
As for your example, this seems easily avoidable by
Seems a bit odd to roll this out without having the ability to import from other authenticators (at least on android). Feels like a pretty basic feature.
Why do you think its not safe? If you trust bitwarden to protect your passwords what exactly do you think is going to happen?
Even if bitwarden is compromised in someway in the future, all that data is still encrypted and would still be highly unlikely to actually be accessed in any usable form.
The only risk is if you use a bad master password. Which is the biggest risk of using a password manager regardless.
Or just generate a random series of 5 words (through bitwarden) separated by the character of your choice and have a much better password that’s relatively easy to memorize.
Bitwarden has an import tool. You should be able to convert your spreadsheet into the format they like and import relatively easily.
For backups, you can create encrypted backups through bitwarden. So it shouldn’t matter if synching itself is a secure process as what your syncing is already encrypted.
“I’ve searched the web for my name, home, and phone number. Haven’t found anything on myself yet.”
All this means is your not very good at finding that info. You even stated there are 53 pending brokers, meaning that info is available online.
“Your information is already out there”
This is kind of an odd line of reasoning to hide behind. One one hand you are willing to pay to have your data removed, on the other hand you don’t mind a service actively handing over data because its “already out there”
Again this isnt specific to easyoptouts. Other data removal services do this as well. It would be less of an issue if once your data is removed its permanent but there is nothing stopping brokers from re-adding you, and now your on the radar of new brokers.
The only concern with easyoptouts is they will send requests to brokers they are not sure of, which can lead to data brokers who had no data on you now being sent it. This is not a specific problem for them, as other services do this as well.
You can go to inteltechniques and peruse their data removal guide. That is basically a massive list of brokers / sites that may have your data.
Tor is the best option of anonymity but, its bad opsec that you really have to worry about. There is no platform that can save you from yourself.
My bad i assumed people on this sub had the amateur knowledge required to protect themselves and/or avoid the 5 trackers on the site.
Your right though, if clicking a link to theverge is such a massive risk for you, then not reading articles is probably least of your concerns.
I think you and your girlfriend should read about “threat modeling”. You need to figure out what you and her are trying to keep private and from whom. Without knowing that, its impossible to say if a VPN is a good solution.
For example if she is trying to hide her web traffic from her ISP then a VPN is a great solution, if she is trying to be annoymous on the web then a VPN won’t do much as you are still easily fingerprintable amongst other things.
People all to often act like privacy is some sort of list of sub items that you can check off like completing a quest in a MMO.
Each individual’s privacy goals are different, privacy is not a one size fits all problem or solution. Your girlfriends needs may be drastically different then your own.
The app was bought out 9 months ago by some mystery company, isn’t actually open source, and you have not switched or made backups? I’m sorry, this is as much a user error as an issue with Raivo.