1
90
submitted 6 hours ago by minnix@lemux.minnix.dev to c/privacy@lemmy.ml
2
28
submitted 4 hours ago by Beaver@lemmy.ca to c/privacy@lemmy.ml
3
19
submitted 8 hours ago* (last edited 8 hours ago) by slug@lemmy.world to c/privacy@lemmy.ml

Do you think it's worth keeping 2FA OTPs in a separate source from your password manager? Currently I keep them in Bitwarden. I was thinking keeping them separate could add a little extra security in case my BW was cracked, but not sure it's worth the hassle of loading a second app for logins.

Do you know of an app that does 2FAs as conveniently as Bitwarden, in that it has mobile apps, browser extension, etc that can all access the same vault?

here's one i came across from an awesome-selfhosted list. i would need to test the PWA experience https://github.com/Bubka/2FAuth

4
44
Gait Recognition Technology (www.city-journal.org)
submitted 10 hours ago* (last edited 10 hours ago) by lidd1ejimmy@lemmy.ml to c/privacy@lemmy.ml

Gait biometric systems capture step patterns using video images and then convert the collated data into a mathematical equation. Gait as a biometric measure can be influenced by several factors, including footwear, terrain, fatigue, and injury.

...Love this sub, I don't have hardcore needs in terms of privacy, but wanted to know for people that enjoy a covid mask, their opinion on Gait Rec. Technologies, and does any one have any intel in throwing these systems off, whether or not that is impossible?

5
11

Is there any up-to-date method to keep the Meta Quest 3 as privacy friendly as possible? I know it can't be made perfect, but maybe some known working block lists etc.?

i'm thinking about getting one but their data hoarding is the reason i don't want to. Unless i can somehow make it less invasive.

6
66
submitted 1 day ago* (last edited 23 hours ago) by TootSweet@lemmy.world to c/privacy@lemmy.ml

Yesterday, I started watching a video on YouTube but closed out of my browser (Firefox) only a few minutes into the video.

I've got my Firefox set to delete all cookies, history, form data, etc on every close. (Pretty much everything but bookmarks.) The image on this post is a screenshot of my relevant settings.

Today, after having exited my browser and fully shut down my computer for a while, I remembered the video and decided to continue watching it.

In Firefox, I searched for the video (I used the search term "gnu taler" -- something worth looking into especially for folks interested in this particular Lemmy community by the way). In the search results, the video I was searching for showed the red bar at the bottom indicating I'd watched only the first few minutes of it.

Which seems weird given that I'd cleared all my browser data since I watched the first few minutes.

So I did some experimentation. I closed my browser completely again and opened it back up, searched in YouTube, and it still had the indicator. I updated to the latest version of Firefox in the Arch package repository. Same indicator. I tried the same in Chromium (which I've also got set to delete all browser data on close). Still the indicator. I installed Tor Browser Bundle (specifically torbrowser-launcher on Arch Linux), changed none of the default settings at all, and searched in YouTube. The indicator is present. In Tor Browser Bundle.

W

T

F

?

Anybody have any idea how that's possible?

My only guesses are:

  • That search is so niche as to be literally unique (which if true makes me sad -- I really hope GNU Taler takes off and becomes widespread) and YouTube is using that to identify me.
  • YouTube doesn't know where I left off at all. Not even my browser knows (because if it was my browser keeping track, it wouldn't persist between browsers). It's something else on my system that my browsers depend on or tap into.

The only other pieces of relevant info I can think to share:

  • There's another video (also about GNU Taler) that I watched all the way through the same day that I started the video this post is about. It doesn't show any indicator.
  • I tried searching on my phone's browser. No indicator. But then I'm not sure my phone ever shows indicators. I haven't tried this on any other devices on my network or anything.
  • I still haven't watched the video in question. Heh.

Thanks in advance for any insight you might have.

Edit: Sorry for neglecting to mention previously that at no point during any of the above did I log in to YouTube. And the "Sign in" button was visible at the top of the page indicating I wasn't logged in. Since multiple people asked, I figured I should edit my OP with that info.

Edit2: Two more things to mention. I think some folks are thinking I copied the link and pasted it between browsers during the above test or something? The only reason the timestamp is included in the link I posted above is because when I copied it into this post, I didn't think to remove the timestamp. But I didn't do anything like copying the link from the search results in one browser and then paste the link into TBB or anything. In each separate browser, immediately after opening the browser, I went to YouTube (by typing "youtube.com" into the address bar) and put "gnu taler" into the search bar and hit enter. And in each browser, YouTube somehow remembered where I'd left off in a whole different browser -- with a different IP address in the case of the switch from Chromium to TBB. And no urls were copied between browsers in any of the above.

The other thing to mention. Changing my search term to the full title of the video ("Building an Open Source Payment System - Sebastian Javier Marchano, Taler System" sans quotes) gives the relevant video as the top search result, but no "left off" indicator. And I'm in the Firefox in which I first noticed it had remembered.

Oh, actually, one more thing to mention. After posting this, I continued watching. I'm probably about 3/4 done with it now. But I closed my browser again before completing it, reopened my browser, and searched "gnu taler". It gives the indicator, but the position of the indicator is roughly (possibly exactly) where it was when I first noticed it had remembered. Not where I left off after watching to roughly the 3/4 mark.

Edit3: Wow! Ok. I'm 99% sure folks smarter than me have hit upon what's going on here. Thanks in particular to Tony N and Chozo for the right answer. It looks like YouTube has a feature where, depending on your search terms, it may automatically skip you a certain ways into the video. (Like "oh, you searched for 'gnu taler'? Well, in this video result, this bit in the middle is the part that's relevant to your search terms, so we'll just start you such-and-such-many seconds into the video.") The red bar doesn't mean "you've watched this" at all. And YouTube isn't "remembering me" between browsers. It's just consistently (as long as I use the specific search terms "gnu taler") suggesting that I start that video 273 seconds in rather than from the beginning. And anyone who searches that exact search term should get similar results... unless they're on mobile for some weird reason? That paired with the coincidence that I'm pretty sure I just happened to have stopped the video yesterday right about at the same place where YouTube recommends you start had me very confused. Whatever the case, I'm satisfied this must be the right answer. Thanks again, y'all!

7
54

One example would be state disability programs, they already need my real name and identity to work with me. Are there any downsides to sharing a simplelogin alias containing my real name vs not containing my real name? I just think it would be easier record keeping for them.

8
18
submitted 1 day ago by morrowind@lemmy.ml to c/privacy@lemmy.ml

I've been using Microsoft todo for a good while now after failing to find any decent private todo tools some while back. To my disappointment, there seems to be nothing much, perhaps with this one exception.

Everdo is one I recently ran into. It is focused on the “Getting Things Done” methodology, but if you are uninterested in that you could presumably ignore the extraneous stuff. It offers a local-network sync (pretty unique) as well as a hosted E2EE (if I read it correctly) cloud sync service. You can see more here https://help.everdo.net/docs/sync

Privacy policy seems fine https://everdo.net/legal/#privacy-policy

It is local first, albeit on some internal database, not local files

9
27
submitted 1 day ago* (last edited 1 day ago) by makeasnek@lemmy.ml to c/privacy@lemmy.ml

For those of you using Proton services to protect your privacy, a new feature is being rolled out which is a self-custody Bitcoin wallet. If you have a Proton e-mail address, you can now send and receive Bitcoin automatically. This is in tradition with their long-standing policy of accepting Bitcoin payments for their services.

A few key points to know:

  • You and only you have access to the Bitcoin, it is a self-custody wallet. You are not dependent on Proton's cooperation to access your funds and they do not hold onto the funds for you.
  • Proton automatically translates e-mail addresses to Bitcoin addresses. This means you can send/receive BTC to/from any Proton user by just knowing their e-mail address
  • Proton does not support Bitcoin lightning. This means transactions will take an average of 10 minutes for an average fee of 75c. Hopefully they will add lightning in the future so that can drop to under a second for pennies in fees. Lightning would also enhance privacy
  • Note that using Bitcoin is pseudonymous. Using it privately and anonymously requires some effort.
  • Proton has also put together a good primer on Bitcoin here.

from their blog post:

Early in our journey, we experienced first-hand what it’s like being cut off from the financial system and at the mercy of large banks and institutions — an ordeal that affects millions of people across the globe. In the summer of 2014, as the original Proton Mail crowdfunding campaign was in progress, Proton had a near-death experience when PayPal froze our funds, questioned whether encryption was legal, and whether Proton had government approval to encrypt emails.

Fortunately, in that instance PayPal returned the blocked funds, and Proton was able to start the journey that we’ve been on for the past decade. However, that dangerous moment has always stayed in our minds, and we still keep a proportion of Proton’s financial reserves in Bitcoin.

Having experienced firsthand the unreliability of the traditional financial sector, building Proton Wallet is an important strategic move to make Proton more resilient and independent in the future. By enabling us and the entire Proton community to more easily adopt means of payment that deliver on the promise of financial freedom for all, we better insulate Proton from the risks posed by traditional finance.

10
87
submitted 2 days ago by yogthos@lemmy.ml to c/privacy@lemmy.ml
11
234
submitted 2 days ago* (last edited 2 days ago) by makeasnek@lemmy.ml to c/privacy@lemmy.ml

cross-posted from: https://slrpnk.net/post/11683880

cross-posted from: https://slrpnk.net/post/11683421

The EU has quietly imposed cash limits EU-wide:

  • €3k limit on anonymous payments
  • €10k limit regardless (link which also lists state-by-state limits).

From the jailed¹ article:

An EU-wide maximum limit of €10 000 is set for cash payments, which will make it harder for criminals to launder dirty money.

It will also strip dignity and autonomy from non-criminal adults, you nannying assholes!

In addition, according to the provisional agreement, obliged entities will need to identify and verify the identity of a person who carries out an occasional transaction in cash between €3 000 and €10 000.

The hunt for “money launderers” and “terrorists” is not likely meaningfully facilitated by depriving the privacy of people involved in small €3k transactions. It’s a bogus excuse for empowering a police surveillance state. It’s a shame how quietly this apparently happened. No news or chatter about it.

¹ the EU’s own website is an exclusive privacy-abusing Cloudflare site inaccessible to several demographics of people. Sad that we need to rely on the website of a US library to get equitable access to official EU communication.

update


The Pirate party’s reaction is spot on. They also point out that cryptocurrency is affected. Which in the end amounts to forced banking.

#warOnCash

12
70
submitted 2 days ago by Dominion0236@lemmy.one to c/privacy@lemmy.ml
13
80
submitted 2 days ago* (last edited 2 days ago) by sem@lemmy.ml to c/privacy@lemmy.ml

After reading such news I have an obvious question. Does anyone know a PayPal-like service that allows me to hide the destination of my transactions from Mastercard / bank, but with a good privacy policy? Or how else can I restrict the usage of my financial data by Mastercard or bank?

14
33

I’ve been using invidious for a few years. I recently changed up my morning routine and have been eating breakfast watching YouTube via the TV app versus on my PC.

It made me realize I kind of miss the recommended videos in some circumstances like when I just wanna veg out.

Are there any current viable yt front ends that either maintain the algorithm or utilize their own to find you new content?

15
52
submitted 3 days ago by HailSeitan@lemmy.world to c/privacy@lemmy.ml
16
53
submitted 3 days ago by yoshisaur@lemm.ee to c/privacy@lemmy.ml

my family is moving into a much bigger house than we used to have. we use amazon echos as an intercom system through the announcement feature. because our house is bigger, i’m being forced to get one myself for my room. i haven’t needed one for years because i use their app on my phone and i can see their announcements as a notification and i can also kill off most of its tracking by DNS. unfortunately my parents don’t understand this and are forcing me to get one. what can i do to limit its tracking?

17
37
submitted 3 days ago by BrikoX@lemmy.zip to c/privacy@lemmy.ml

There are many ways to describe Voice-over-IP, or VoIP. I've seen it called an anonymous, internet, alias, or throwaway phone number (and more). Regardless of the name, I personally consider VoIP to be a healthy part of a good privacy and security strategy. The advantages are endless. For one, VoIP is harder to SIM Swap compared to a normal SIM phone number. VoIP can also help provide you privacy since most SIM numbers can easily be Googled or looked up on any number of the hundreds of people search sites and return information about the carrier and who the number is registered to. On the day-to-day, VoIP – combined with other strategies I recommend on The New Oil – can help reduce spam calls/texts, prevent would-be stalkers, create healthy work/life balances, control what information people (like prospective employers) can find about you, and help compartmentalize or reduce tracking by big corporations. Sadly, VoIP is a tool that's not widely available in many countries, but for those with access to it, VoIP can provide numerous benefits and should at very least be considered. So this week let's explore some of the best VoIP options currently available for consumers.

18
546
submitted 6 days ago by mwalimu@baraza.africa to c/privacy@lemmy.ml
19
129
submitted 5 days ago by ooli@lemmy.world to c/privacy@lemmy.ml
20
120
submitted 5 days ago by mipadaitu@lemmy.world to c/privacy@lemmy.ml

Tips for keeping your identity secure, and protecting other members of your community from being accidentally doxxed or forced offline.

Extremely useful, especially for people who coordinate larger protests or online communities.

21
58
submitted 5 days ago* (last edited 5 days ago) by Brunette6256@sh.itjust.works to c/privacy@lemmy.ml

I've been on the hunt for a while for something like this. I started looking again since the Life360 breach. This is nearly perfect. Just need the iOS app to have a little more support and be in the app store for my less techy friends/family.

22
92
submitted 6 days ago by Linsensuppe@feddit.org to c/privacy@lemmy.ml

I’m considering buying a new phone and I don’t really consider a Pixel. I really like Fairphone’s approach, with the self repairable stuff. Even though they don’t have a headphone jack. But well… I can’t change it. I’ll definitely go with the adapter over wireless headphones.

But to my question: What private OSes are there? Fairphone sells FP4s with eOS, how is that? And does it work on the FP5? GrapheneOS only works on Google Pixels right?

23
80
A tip for Android users. (sh.itjust.works)
submitted 6 days ago* (last edited 6 days ago) by ModerateImprovement@sh.itjust.works to c/privacy@lemmy.ml

I just wanted to share that you can disable Google Play Store on stock Android and not lose that much functionality. If for any reason you use an app that requires Google Play Store or you want to make a Play Store purchase, you can enable it again.

I personally disabled it and I get my apps from Aurora Store, ApkPure and Droidify.

It decreased my phone battery usage by a lot and I am less dependent on google overall.

24
20

I just tried changing my email on studentaid.gov to a simplelogin alias (using SL is a habit at this point) and I got notifications that emails from it were bounced while trying to verify the email change with sent codes. I looked it up and found a bunch of Reddit posts about issues with SL and iCloud.

25
21

i want to understand more about WebRTC security when using vpn. i'd like to know if it is more secure with VPN than without… or even if it's recommended to use WebRTC with VPN.

i created a webrtc demo: https://chat.positive-intentions.com/#/webrtc (the corresponding code it's created with: https://github.com/positive-intentions/chat/blob/staging/src/components/pages/webrtc/WebRTC.jsx)

if i generate a “WebRTC offer” then i see a bunch of information including my IP address.

if i do the same with VPN, i see that my ip address isn't in that payload.

following the information here: https://thehackernews.com/2015/02/webrtc-leaks-vpn-ip-address.html?m=1

and using the demo here: https://ipleak.net/

it seems even with vpn, the local ISP ip seems detected.

a recurring concern i've had on reddit about the security of my app is that webrtc exposes ip addresses. i'm investigating using the app with vpn. it seems to work like normal.

in the example details given above, i see while the local ISP IP is exposed, the personal ip address is still hidden. i'm sure what is exposed there is not worthless, but it could help users with privacy and security.

on the back of this investigation i'd like to see if i can add something like a toggle in my app called “enforce VPN” which will first check to see if you are on a vpn, and if you are, open the rest of the app.

my app is using peerjs-server as the connection broker. this is a third party i have no contractual agreement to provide me with a service. it could help to hide your IP from this service.


Privacy

30186 readers
409 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago