21 votes

Topic deleted by author

17 comments

  1. [6]
    Comment deleted by author
    1. [2]
      Comment deleted by author
      1. [2]
        Comment deleted by author
        1. Kenik
          I've used KeepassXC (and before that the original Keepass) for over 5 years now, and it's great. Super easy to keep synced across devices via Dropbox/Drive/Syncthing/etc., and the built-in browser integration is nice for autofill.

          1 vote
    2. [2]
      synergy-unsterile
      I think Bitwarden only supports cloud syncing, whether it's the official one hosted on Azure or self-hosted. The maintainer apparently doesn't want to work on an offline version. You'll need to pick a different password manager (e.g. Keepass XC, pass/tomb/gopass/etc) to keep the vault on your device.

      2 votes
      1. [2]
        Comment deleted by author
        1. synergy-unsterile
          From kyle's (maintainer) point of view it's not really that strange at all. Bitwarden (the commercial subscription product) is designed to offer a convenient alternative to proprietary cloud solutions. Users who want more control of their data (a very small portion of the population, who are probably not going to pay anywhere as much) have other options.

          4 votes
    3. [2]
      spit-evil-olive-tips
      The best-of-both-worlds approach I use is pass combined with syncthing.

      Most password managers use the "entire vault in one file" approach, which makes syncing prone to replication conflicts. pass does one-file-per-password, so its integration with syncthing is seamless.

      The end result is that I have passwords on my desktop, laptop and phone (via a pass-compatible Android app plus OpenKeychain and the Syncthing Android app). Cross-device synchronization, but it never leaves a machine I control, and it's encrypted both at-rest and in-transit.

      1 vote
      1. synergy-unsterile
        Be sure to regularly create and test backups! My experience with syncthing has been pretty good but @cadadr had a bad experience with syncthing. Data loss is a problem one should consider with any setup.

        Also, be careful with how you store and sync your pass files since you might leak metadata like creation time and domain (file) names.

        1 vote
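An added example (not part of the thread or of pass itself) for the metadata point above: it lists what anyone who can read a synced pass store learns without holding the GPG key. It assumes the standard pass layout of one `<name>.gpg` file per entry plus a `.gpg-id` file; the sample store, entry names and key ID are constructed.

```python
import os
import tempfile
from pathlib import Path


def visible_metadata(store):
    """Return what is readable in a pass store without any GPG key."""
    store = Path(store)
    gpg_id = store / ".gpg-id"
    # .gpg-id names the key(s) the entries are encrypted to.
    recipients = gpg_id.read_text().split() if gpg_id.exists() else []
    entries = []
    for path in sorted(store.rglob("*.gpg")):
        if ".git" in path.relative_to(store).parts:
            continue  # skip git internals if the store is a repository
        st = path.stat()
        entries.append({
            # The entry path usually encodes the site and account name.
            "name": path.relative_to(store).with_suffix("").as_posix(),
            "ciphertext_bytes": st.st_size,
            "modified": int(st.st_mtime),  # when the secret last changed
        })
    return {"recipients": recipients, "entries": entries}


def build_sample_store(root):
    """Constructed sample data: dummy bytes stand in for real ciphertext."""
    root = Path(root)
    (root / ".gpg-id").write_text("0xDEADBEEFCAFEF00D\n")  # made-up key ID
    samples = {
        "bank/example-bank.test/alice": (b"\x00" * 340, 1_600_000_000),
        "email/mail.example.org": (b"\x00" * 352, 1_650_000_000),
    }
    for name, (blob, mtime) in samples.items():
        path = root / (name + ".gpg")
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(blob)
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = visible_metadata(build_sample_store(tmp))
        print("recipients:", report["recipients"])
        for e in report["entries"]:
            print(e["name"], e["ciphertext_bytes"], e["modified"])
```

Pointing `visible_metadata` at a real store shows exactly what a sync peer or backup host would see.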
  2. synergy-unsterile
    For more recommendations for open source software (services and applications) check out these two projects:

    1. Privacytools.io
    2. Prism-Break

    More technical stuff:

    1. Practical Linux Hardening Guide...

    3 votes
  3. [2]
    Pilgrim
    Do you plan on discussing Protonmail or other privacy focused email providers?

    2 votes
    1. [2]
      Comment deleted by author
      1. Pilgrim
        Ah I see. Well perhaps that could be a topic for another series or a one-off post by someone. Anyways, I definitely enjoyed the series. Thanks!

        3 votes
  4. [6]
    Wes
    You mentioned that Firefox has a bug bounty program, but Chromium actually does as well. Their payouts are also quite large.

    https://www.google.com/about/appsecurity/chrome-rewards/index.html

    1 vote
    1. [6]
      Comment deleted by author
      1. Wes
        I don't know if I'd say "spyware". That typically implies malware. Google is quite upfront that they use tracking to improve their ad targeting. If that's a concern they also offer an opt-out of ad personalization.

        1 vote
      2. [4]
        Pilgrim
        Isn't Chromium the opensource version of Chrome?

        1. [3]
          synergy-unsterile
          From ungoogled chromium's README:

          Without signing in to a Google Account, Chromium does pretty well in terms of security and privacy. However, Chromium still has some dependency on Google web services and binaries. In addition, Google designed Chromium to be easy and intuitive for users, which means they compromise on transparency and control of inner operations.

          ungoogled-chromium addresses these issues in the following ways:

          1. Remove all remaining background requests to any web services while building and running the browser
          2. Remove all code specific to Google web services
          3. Remove all uses of pre-made binaries from the source code, and replace them with user-provided alternatives when possible.
          4. Disable features that inhibit control and transparency, and add or modify features that promote them (these changes will almost always require manual activation or enabling).

          4 votes
          1. [2]
            Pilgrim
            So you have to get a specific ungoogled version? I'll stick with Firefox but thank you for enlightening me!

            2 votes
            1. synergy-unsterile
              I use Firefox also, it's way more customizable.

              Most Linux distros will provide a binary of Chromium built from the official source and it's up to the package maintainers to apply any un-googling patches.

              "ungoogled chromium" is one of many unofficial versions/forks (Inox, Bromium, Iridium, Debian official package, etc...) that allows one to build Chromium without most Google services or proprietary binaries.

              3 votes
  5. firstname
    I have used Wickr as a messaging service. The app seems legit, and they also have a desktop client, though I never used the desktop program.
    This is the app that all the criminals use around where I live. I know this since those people are the ones I can acquire the freshest salad from. Somehow this app gets around giving up information to the police; that kind of speaks to what kind of security it has, I guess?
    You can set a message burning timer so that it defragments (or perhaps it's another term for how it works on a memory card?) your own messages on their phone.
    This might be something you guys should look closer at. Last time I used it, it even had a video verification system added. I have stopped eating salad though, so things might have changed.

    1 vote
  6. firstname
    Does Privacy Badger have a Firefox desktop addon? Looks to me like it only has a Chrome and Opera one.

    1 vote
  7. hhh
    Is there any truth to the paradoxical claim the more extensions you have, the less private you actually are?

    The argument I’ve heard goes something like this: the more privacy extensions you have, the easier your browser is to fingerprint because even having the extensions at all is an extra bit of information that can be tracked, and the more extensions you have, the more unique your browser is.

    1 vote