The app was bought out 9 months ago by some mystery company, isn't actually open source, and you have not switched or made backups? I'm sorry, this is as much a user error as an issue with Raivo.
Even they would tell you that using sandboxed google play and the g cam app is a better experience if your looking for more then just snapping a photo on your phone though. As obnoxious as they can be on mastodon they are pretty honest with the limitations of their apps due to it not being as high of a priority.
Something can be shady and not a honeypot. It's much more common. Its like people forgot this and now anytime anyone feels something is sus this type of post appears.
Let be honest, If your threat model is truly to escape the NSA you probably shouldn't be risking being on social media.
I think part of the reason people dismiss the idea that someone could have that big of a threat model is in most cases it would be unbelievably bad opsec to risk talking about your threat model on social media or something like the privacy guides forum.
I really appreciate privacy articles that talk about threat modeling as it seems like its the biggest part of privacy people miss.
I was in middle school and I saw my friend had all the episodes of ATHF (aqua teen hunger force) and I wanted to be able to get free episodes of stuff. Silly but true.
You can therefore blame the mooninites for my piracy.
You shouldn't be installing extensions on mullvad browser anyway. This completely ruins it's anti fingerprinting measures, which is one of the biggest reasons to use the browser. If your going to install extensions use Firefox or Brave.
If someone can identify you through your lemmy username an admin isn't going to save you from your terrible opsec practices.
Lemmy is a social media service. Act accordingly.
Why would "community vetted" imply FOSS?
Microsoft has a massive community of users and sysinternals is highly regarded amongst amateur and professional users alike. The term "community vetted" makes perfect sense in this context.
I use an optiplex for torrenting, Plex media server, and real debrid. The VPN is always on so I wouldn't be concerned to use it as my daily driver but it's a bit old to handle other tasks in use my daily driver for.
This. There really is no point in installing something like tinywall, when there is a built in firewall that has more functionality (granted its much less user friendly).
Another case of a user with terrible opsec that proton will end up being blamed for.
Mullvad, IVPN, Proton, AirVPN, or Windscribe are all fine. Depending on how much stock you put into audits the first three are probably a tier above for privacy.
What don't you like about IVPN? Audited, open source, great reputation. I don't even use them but seems odd to count them out.
Lol OK. Seems like its to much for you to consider you poorly communicated your point anyway.
Lol OK. Seems like its to much for you to consider you poorly communicated your point anyway.
I think if people read that comment and think they are being called dumb, that's completely on them and probably a good time to look themselves in the mirror.
Nothing wrong with the design. Its literally just making thing easier at no cost to the user.
I think if people read that comment and think they are being called dumb, that's completely on them and probably a good time to look themselves in the mirror.
Nothing wrong with the design. Its literally just making thing easier at no cost to the user.
"Basically then it degrades to a very strong password that can’t easily be phished."
I'm disagreeing with this, in that you are still (hopefully) using 2FA with your vault. Therefore whatever your accessing in that vault whether its a TOTP token or a password is still protected by MFA and not just a "very strong password".
Putting a TOTP token inside a vault protected by a strong password and another form of authentication is no less secure then having it be separate from the vault.
Was hoping to get help finding a guide with more detail on setting up something like rdt-client for people who don't use docker.
It appears like its very much possible but it seems like pretty much all guides assume the user is setting it up in docker.
Currently have zurg and plex debrid setup with RD which works great but i find plex debrid a little lacking in being able to find what im looking for compares to using the *arr programs.
A Google Oauth vulnerability that allows employees to maintain access to services after they're offboarded.
Initially saw this article from Brian Krebs mastodon account.
https://infosec.exchange/@briankrebs/111608035574860035
https://www.reddit.com/r/SimpleMobileTools/comments/187w64x/simple_mobile_tools_bought_by_zipoapps/
Confirmation in linked github discussion.
"We can disclose only now that we had a server in Toronto seized in 2015, initially without our knowledge. Maybe a court order was served to the datacenter. For about 10 days we did not understand what happened to the server, which did not respond, while the datacenter did not provide information. After 10 days Italian police (and not any magistrate) contacted us. They informed us that Toronto police and FBI (*) asked for our help because they could not find any log in the server. Unfortunately their help request came after the server had been already seized. They did not even make a copy, they took it physically, therefore the server went offline, probably alerting the alleged criminals. It was obvious that forensic analysis could not find any log, simply because there were none. Our VPN servers did not even store the client certificates, go figure (now they also run in RAM disks, but in 2015 they did not). The whole matter was led by informing us without any document from any court or magistrate, but only through official and informal police communications, and only to ask for help after forensic analysis obviously failed completely.
We were not asked to keep confidentiality on the matter, but just to stay on the safe side and support the investigation on what it appeared as a serious crime (a whole database with personal information of a commercial service was cracked, stolen and published in public when the web site owners did not pay a "ransom"; while our server was apparently not used for the crack, it was used to upload elsewhere the database) we decided not to disclose the whole matter for at least 7 years. It's one of those cases confirming that our servers do not store log, data or metadata of clients' traffic.
(*) We may speculate that FBI was involved in a Canadian matter because the stolen database contained US citizens' personal data"
Thought this might be helpful to others who use Mullvad Browser.
Got to the advanced preferences and set webextensions.storage.sync.enabled to true.
I have been switching from Brave to Mullvad Browser and one odd issue I am running into is that I am not able to use my yubikey to login to sites such as simplelogin or protonmail anymore.
My guess is its something with noscript as the other addons I used on Brave but, even if I mark an entire site as trusted the yubikey prompt still seems to be blocked.