@greybeard It tends to amaze me how badly some people seem to misunderstand this concept. Mind you, i honestly feel that browser marketers don't do the cause any good by choosing wilfully ambiguous names like "Private" or "Incognito" mode ... for the type of user disinclined to actually read fine-print nor otherwise investigate for themselves, such ambiguity is dangerous.
Iirc in V over the years the forum has seen many discussions on just this point.
I still find it really difficult to garner much sympathy for these victims.
Are they making really regular + frequent backups AND storing them offline?
Are they using windoze?
And... It gets worse. Today I found this:
It is a company teaching young children to learn - with youtube videos and detailed analytics. Apparently that improves the quality of learning and helps teachers bond with students?
And they think they are worthy of teaching teachers "how to build strong relationships with your students and their families".
I guess, learning how to use edtech from the makers of the products is something teachers are proud of, and not an ad?
Also, there is the Student Privacy Pledge, which allows edtech companies to look like they're committed to privacy but is rarely enforced. Even companies with bad security and privacy standards take the pledge, and then they get hacked or share student data, and then they are still a member.
There's money involved in everything that I've mentioned in this thread. It would be better to just hang up advertising banners at schools, at least it would be more clear what is and isn't an ad.
@Catweazle I have a GPG crypted text file with over 100 passwords for all the things I do online. Because those wallets have failed so many times. And if one uses good passwords, no need to change them often unless you hit such a hidden vulernability. Studies have shown that if password change was enforced, people started to use systematic password creation algorithms that make the passwords much more vulnerable. Of course, I'm not using the same password for all sites.
@bioji, an external viewer certainly has advantages, but not so much for memory, but a reader like Okular offers many functions than an extension can offer, since it is capable of opening not only PDF files, but also many other formats.
The disadvantage is, of course, that to read the files, you have to download them first, but I think that with Vivaldi's own PDF reader incorporated as a function, you can choose to download it or view the file online.
For me personally, the PDFreader that Vivaldi brings as standard is enough, which works perfectly for me.
For eventual PDFs that I download, I have Libre Office, which also handles them quite well.
@alanaalison thanks. even google services use third party cookies, i wonder how they will stop that without breaking the service. moreover i don't get if there will be no more of them within chromium too...
I personally don't use any business or institution that requires installation of Microsoft Windows or an Android app that relies on Google Play Services / is only available in the Play store.
The only way we can persuade institutions to support other platforms is to vote with our feet. It's an inconvenience at times but the alternative is to surrender and compromise your own principles and choice.
Years ago my bank recommended Trusteer and it brought my Losedows system to its knees and was almost-impossible to remove, whilst simultaneously never being clear on what exactly it did. I think it also clashed with the antivirus I was using at the time, and when faced with a choice of anything or Norton, anything else wins hands-down for me all day long.
I never have a problem with software availability on AOSP or various flavours of Linux. There's a tool to do everything I need. Anything that's not available I don't miss.
My bank uses SMS 2FA, and whilst it's more vulnerable than a proper 2FA app such as Aegis, I'm happy to use it as it's still more secure than no 2FA at all. As was pointed-out further along this thread, they'd have to get both your login credentials AND initiate a SIM swap on your phone. In short, you'd have to be targeted specifically - in which case getting-in to your online banking will only be part of your worries.
Another thought I've had, that may be of use: My bank also allows me to use a card reader as 2FA - you put one of your bank cards in it, enter your pin and the code on screen, and then type the code that the card-reader says back in to the web site. One solution might be to activate your bank account with a SIM card that you only use for that bank and nothing else, and always leave at home in a safe place - and then use your card/card-reader as your main form of 2FA. If the phone number is unique to your bank, it's less likely that a crook would get hold of it and try to initiate a SIM swap.
Regarding mobile apps, the latest updates of my bank's app won't work without Google Play Services, so I've stopped using it and now solely use the web site. Additionally, I noticed that Exodus Privacy gives their app a pretty terrible score for analytics, ads and trackers. Why a bank would include such security-risks in their own app is beyond me. There should be no third-party code in such a security-critical program.
IMHO nothing is worth the drop in security, privacy and freedom that you suffer by installing Microsoft Windows, Apple iOS or an Android build that still contains Google Mobile Services. A "security" solution that requires such things, requires you to lower your security.
@Catweazle Yes, I think it is smaller than we thought.
Also, maybe fingerprinting is not necessary, here are my Cloudflare Ray ID's changing:
The extension "Privacy Pass" is what I am using (That way, I can change my ID without getting blocked a lot), it is buggy now but hopefully Cloudflare and hCaptcha will continue to fix it.
And, hopefully Vivaldi will implement the good parts of Google Privacy Sandbox, which includes a "budget" for how many parameters sites can collect about the user. Before the Sandbox, if I were to impose this "budget" on sites, it would just make me stand out more, but if Chrome uses it, it will not make me stand out.
@luetage said in Google Extensions - Crypto Token [What it Does]:
It surely was a mistake, the only thing that could rectify the situation is either hiding the option to disable the extensions, or showing a popup on trigger, with a text warning the users about what exactly will break.
I partly agree. But like I said I hope Vivaldi will still give us the option of disabling components and system extensions we have no need for. Maybe only for advanced users, i.e. hidden under experiments.
One of the (many) things I dislike about Chromium is its tendency to sneakily introduce new Google experiments like FloC, Crowd Deny, Zxcvbn and so on. Apparently the latest one (just noticed it in User Data) is "hyphen-data".
Some of these might be innocent, others are clearly ways for Google to experiment with different data-collection stuff, like FLoC which thankfully seems to be broken in Vivaldi, possibly intentionally by the team.
The way Google sees things, Chromium is not meant for casual users, so it can be used as a platform for publicly testing stuff before it's put into Chrome. The result of this is of course that Vivaldi users (at least Snapshotters) end up as lab-rats for various Google experimentation.