• 2 Posts
  • 180 Comments
Joined 4 years ago
cake
Cake day: January 21st, 2021

help-circle

  • IMHO UnifiedPush is just a poor re-implementation of WebPush which is an open and distributed standard that supports (and in the browser requires, so support is universal) E2EE.

    UnifiedPush would be better as a framework for WebPush providers and a client API. But use the same protocol and backends as WebPush (as how to get a WebPush endpoint is defined as a JS API in browsers, would would need to be adapted).



  • kevincox@lemmy.mltoPrivacy@lemmy.mlIn search for a good VPN
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    2 months ago

    I mean it is always better to have more open source. But the point of the multi-hop system is that you don’t need to trust the server. Even if the server was open source:

    1. You wouldn’t know that we are running an unmodified version.
    2. If you need to trust the server then someone could compel us to tap it or monitor it.

    The open source client is enough to verify this and the security of the whole scheme.


  • kevincox@lemmy.mltoPrivacy@lemmy.mlIn search for a good VPN
    link
    fedilink
    arrow-up
    26
    arrow-down
    1
    ·
    2 months ago

    Mullvad is one of the best options if you care about privacy. They take privacy seriously, both on their side and pushing users towards private options. They also support fully anonymous payments. Their price is also incredibly reasonable.

    I’m actually working on a VPN product as well. It is a multi-hop system so that we can’t track you. But it isn’t publicly available yet, so in the meantime I happily recommend Mullvad.


  • Vista sucked so bad. I got a nice new laptop and it was constant pain. One of the real breaking points was that it would refuse to let me modify or delete some files even as superuser. If I recall correctly they weren’t even system files, maybe a separate partition or something.

    I tried installing XP but there was some sort of driver issue with my CD drive. It would start installing fine, but then once it tried to reboot off of the HDD to finish the installation it couldn’t find the installation CD to finish copying things, so the install just crashed half-way done.

    I installed Ubuntu on a partition, dual booted for a while. After a few months I realized that I never even used the Windows partition anymore so I wiped it.


  • Likely what is happening is that the game is probing audio devices and triggering the mic on your headphones to get picked up. This switches them into the “headset” profile which has awful audio quality. I don’t know why the UI isn’t showing that, make sure you are checking while the game is running and the audio sounds bad.

    If you want your headphone mic to work there is not much choice. There isn’t a standard bluetooth profile with good audio and mic. If you never want to use your headphone mic you can probably configure some advanced settings in your audio manager (probably PulseAudio or PipeWire).


  • These are all good points. This is why it is important to match your recommendations to the person. For example if I know they have Chrome and a Google account I might just recommend using that. Yes, it isn’t end-to-end encrypted and Google isn’t great for privacy but at least they are already managing logins over all of their devices.

    In many cases perfect is the enemy of better. I would rather them use any password manager and unique passwords (even “a text file on their desktop”) than them sticking to one password anywhere because other solutions are too complicated.


  • It depends on your threat model. It does mostly reduce the benefit from 2FA, but you are probably still very safe if you use a random password per site. I mostly use 2FA when forced (other than a few high-value accounts) so I don’t worry about it. For most people having a random password which is auto-filled so that you don’t type it into the wrong site is more than sufficient to keep themselves secure.



  • kevincox@lemmy.mltoPrivacy@lemmy.mlUse a password manager
    link
    fedilink
    arrow-up
    10
    arrow-down
    2
    ·
    3 months ago

    Honestly nothing. I recommend this to everyone because it is the easiest way to set up and offers huge advantages.

    1. No more password reuse, per site random passwords.
    2. Auto-fill reduces chance of phishing attacks work because you get suspicious if the password doesn’t auto-fill.
    3. Most browsers will integrate it into their sync service to reduce the risk of you losing your passwords.

    I think these are the two biggest benefits and every browser password manager will accomplish both.


  • These are real issues however they are pretty easy to mitigate, and I would say that the upsides of a password manager far outweigh the downsides.

    1. Make sure that you are regularly typing your master password for the first bit. After that you’ll never forget it. You can also help them out by saving a copy of their master password for them at least until they are sure they have memorized it. There are also password managers where you can recovery your account as long as you have the keys cached on at least one device.

    2. This is far, far outweighed by the risk of password reuse. This is because when a single one of the sites you use gets hacked then people will take that credential list and try it on every other site. So with a password manager there is just one target, without it is one of hundreds of sites where you reused your password. Many password managers also have end-to-end encryption so without your password the sync service can’t be hacked (as it doesn’t have access to your passwords).


  • Basically they license out the system to companies. You can get a rough idea here: https://what3words.com/business

    The idea is that by making it free to individuals they build up market familiarity and expectation. Free personal use is just marketing for the paid product. Then they can turn to businesses and convince them that they should offer their system as a service and charge them for it.

    The closest alternative is probably Plus Codes. They are driven by Google but are free to use for everything with a pretty plain and simple Terms of Use.

    Instead of words they use an alphanumeric encoding. The main downside is that this can be less memorable but the upside is that it works for users of all languages and you can shorten the codes by using a Country or City reference as well as control the precision.



  • The best option is probably using a geo: URL. This should open in all devices in their favourite mapping application. Example. If you want to link to a specific store or similar beyond just a location you can add a “query” which some apps will use to highlight that. Example.

    Another decent option is Plus Codes. These are a bit shorter and easier to manage but lack a URL format as far as I can tell. MJ75+P3 Toronto, Ontario.

    You can also just link to an alternative service such as Open Street Maps. This avoids Google but still imposes a particular service on others.






  • I regularly consider doing this. Obviously it is great from a privacy perspective. But I hate dealing with cash, especially change. With cards I just have one thing in my wallet and it just works forever. My bank account is automatically charged at the end of the month. With cash I need to keep refilling my wallet and carry around annoying change.

    I would love to have something digital but also private (like Monero). But so far I have been picking convenience over privacy.