I've been feeling quite sickened about this since TechCrunch disclosed it the other day, & now also zdnet & others have picked it up. It's deplorable, but my opprobrium is not directed at PM, instead at the French cops & the despicable laws that enabled their fascistic action. Once they decided to target schoolkids striking for meaningful climate action [these kids are heroes!], afaik neither Europol nor the Swiss gov't, thence PM, had any legal discretion to resist.
Using a VPN might have helped, but the browser-fingerprinting bit is worrisome.
Oomans are idjits.
@Catweazle I have a GPG crypted text file with over 100 passwords for all the things I do online. Because those wallets have failed so many times. And if one uses good passwords, no need to change them often unless you hit such a hidden vulernability. Studies have shown that if password change was enforced, people started to use systematic password creation algorithms that make the passwords much more vulnerable. Of course, I'm not using the same password for all sites.
@bioji, an external viewer certainly has advantages, but not so much for memory, but a reader like Okular offers many functions than an extension can offer, since it is capable of opening not only PDF files, but also many other formats.
The disadvantage is, of course, that to read the files, you have to download them first, but I think that with Vivaldi's own PDF reader incorporated as a function, you can choose to download it or view the file online.
For me personally, the PDFreader that Vivaldi brings as standard is enough, which works perfectly for me.
For eventual PDFs that I download, I have Libre Office, which also handles them quite well.
@alanaalison thanks. even google services use third party cookies, i wonder how they will stop that without breaking the service. moreover i don't get if there will be no more of them within chromium too...
I personally don't use any business or institution that requires installation of Microsoft Windows or an Android app that relies on Google Play Services / is only available in the Play store.
The only way we can persuade institutions to support other platforms is to vote with our feet. It's an inconvenience at times but the alternative is to surrender and compromise your own principles and choice.
Years ago my bank recommended Trusteer and it brought my Losedows system to its knees and was almost-impossible to remove, whilst simultaneously never being clear on what exactly it did. I think it also clashed with the antivirus I was using at the time, and when faced with a choice of anything or Norton, anything else wins hands-down for me all day long.
I never have a problem with software availability on AOSP or various flavours of Linux. There's a tool to do everything I need. Anything that's not available I don't miss.
My bank uses SMS 2FA, and whilst it's more vulnerable than a proper 2FA app such as Aegis, I'm happy to use it as it's still more secure than no 2FA at all. As was pointed-out further along this thread, they'd have to get both your login credentials AND initiate a SIM swap on your phone. In short, you'd have to be targeted specifically - in which case getting-in to your online banking will only be part of your worries.
Another thought I've had, that may be of use: My bank also allows me to use a card reader as 2FA - you put one of your bank cards in it, enter your pin and the code on screen, and then type the code that the card-reader says back in to the web site. One solution might be to activate your bank account with a SIM card that you only use for that bank and nothing else, and always leave at home in a safe place - and then use your card/card-reader as your main form of 2FA. If the phone number is unique to your bank, it's less likely that a crook would get hold of it and try to initiate a SIM swap.
Regarding mobile apps, the latest updates of my bank's app won't work without Google Play Services, so I've stopped using it and now solely use the web site. Additionally, I noticed that Exodus Privacy gives their app a pretty terrible score for analytics, ads and trackers. Why a bank would include such security-risks in their own app is beyond me. There should be no third-party code in such a security-critical program.
IMHO nothing is worth the drop in security, privacy and freedom that you suffer by installing Microsoft Windows, Apple iOS or an Android build that still contains Google Mobile Services. A "security" solution that requires such things, requires you to lower your security.
@Catweazle Yes, I think it is smaller than we thought.
Also, maybe fingerprinting is not necessary, here are my Cloudflare Ray ID's changing:
The extension "Privacy Pass" is what I am using (That way, I can change my ID without getting blocked a lot), it is buggy now but hopefully Cloudflare and hCaptcha will continue to fix it.
And, hopefully Vivaldi will implement the good parts of Google Privacy Sandbox, which includes a "budget" for how many parameters sites can collect about the user. Before the Sandbox, if I were to impose this "budget" on sites, it would just make me stand out more, but if Chrome uses it, it will not make me stand out.
@luetage said in Google Extensions - Crypto Token [What it Does]:
It surely was a mistake, the only thing that could rectify the situation is either hiding the option to disable the extensions, or showing a popup on trigger, with a text warning the users about what exactly will break.
I partly agree. But like I said I hope Vivaldi will still give us the option of disabling components and system extensions we have no need for. Maybe only for advanced users, i.e. hidden under experiments.
One of the (many) things I dislike about Chromium is its tendency to sneakily introduce new Google experiments like FloC, Crowd Deny, Zxcvbn and so on. Apparently the latest one (just noticed it in User Data) is "hyphen-data".
Some of these might be innocent, others are clearly ways for Google to experiment with different data-collection stuff, like FLoC which thankfully seems to be broken in Vivaldi, possibly intentionally by the team.
The way Google sees things, Chromium is not meant for casual users, so it can be used as a platform for publicly testing stuff before it's put into Chrome. The result of this is of course that Vivaldi users (at least Snapshotters) end up as lab-rats for various Google experimentation.
@Dr-Flay, of course a page has all the data that cookies, fingerprint and others can provide
This forum knows what OS you are using, your IP, the country you live in and other things, apart from the data that you provide with your registration and publications.
But the question is not this to be considered private, but the treatment they give to this data, if they track your activities on the network, such as Google, FB, Amazon and others, who read your mail like Google, who sell this data to third parties , as do those mentioned and others
Nothing to do with the anonymized data and statistics that Vivaldi collects, this affects privacy as little as the town hall guy on the roadside counting the cars that pass by, this also does not affect the privacy of the drivers, regardless of how long the results are kept to compile the statistics.
@runboy93 SearX, using the Swiss instance https://searx.fmac.xyz, POST, & configured to use multiple engines including gargle if you want, is a better option.