edit: Problem solved, davidb informed me about the vulnerability in version 3.0.4, and that it is fixed in the new version 3.0.6. Somehow Spyhunter thinks i still use 3.0.4, which in turn is the actual problem i had with Spyhunter, not VLC.

Spyhunter 5 has been bothering me about potential data leaks from vlc media player. The vulnerability is generally based on publicly available information.
It would be a shame if i have to switch, been using vlc for as long as i remember. It is probably the best media player out there, but i hate sharing my personal data in any way or form.

Spyhunter msg:

• Severity: Medium, VLC media player (Version 3.0.4)
  • The CAF demuxer in modules/demux/cad.c in VideoLan media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in Caf files, because a ReadKukiChunk() cast converts a return value to an unsigned int, even if that value is negative. This could result in a denial of service and/or potential infoleak.

Is this even anything to care about? I have updated VLC including removing cashe and still get the alert. Is a rollback another option perhaps?

So:

• I keep all my passwords in my password manager (Bitwarden)
• All my 2FA codes are generated by AndOTP on my phone.
• My 2FA backup codes are also in Bitwarden, which I think is a bad idea, because that defeats the purpose of 2FA. So where should I put those?
• I have my Bitwarden 2FA backup code in my wallet and in a safe at my house. Is that a good idea for the other backup codes?
• Is there anything I'm forgetting here?

I was browsing r/privacy today and I came across this guy going on about how Mozilla was just pretending to be privacy focused. Here's his comment. Now I don't really know what to think of this, and frankly, I'm getting really exhausted of hearing about how all the things I'm using aren't actually trustworthy. So can so someone put my mind to rest? Does this guy's claims have any truth to them? Thanks.

I’ve recently gotten to speak with a few folks who work at an enterprise security company. I asked what their security researchers set as company rules for allowed laptops. My one datapoint so far is “Dell or Apple.” So for example, no Thinkpad X1 Carbon, which is arguably the best work laptop.

I am curious what other large security companies (or any of you security minded folks) set as rules for trusted laptops. Can anyone share their lists and theories as to why I heard Dell and Apple? BIOS is more trustworthy?