5 Ways to Lock Down Your Privacy
-
@mossman Zoom out with Ctrl+Minus, or using the buttons/slider in the Status Bar.
-
@pesala said in 5 Ways to Lock Down Your Privacy:
@mossman Zoom out with Ctrl+Minus, or using the buttons/slider in the Status Bar.
In Chrome in Android?!?
-
@mossman Probably some bug with our style sheet, this button shows up on desktop so you can click on it and "hide" it for a while so you can continue your reply later.
-
@morg42: i just mean they would be less secure mainly because security is not their top priority.
other things are being focused on like making it easy and convenient for most people to use which means they allow things like resetting your password from your email. there's no end to end encryption since most people wouldn't want that hassle. basically things seem like they are designed to be more convenient than secure. it seems pretty much the same thing in the end, you have your passwords in an encrypted container, but at least with something like lastpass the walls would be a lot harder to breach. i'm not sure if i heard the reports you mentioned, but i've yet to hear anything yet that has made me flinch. i would bet if security researchers were looking into the security of dropbox as much as they are with lastpass or whatever then they would find just as many weaknesses.
-
I make @morg42's words my own. Once you have a good master password and encrypt the file this file is automatically secure. I could upload the file here on the forums or send it directly to the NSA and my passwords would not be discovered because nobody would be able to decrypt it or find out my master password.
Also I'm sure that the file is incredibly secure because it's open-source and has been verified and audited by security experts all around the globe. With online services all you have is their word that it's secure and that they were audited, you are just accepting their word.
So even in the case my computer is hacked, or whatever cloud service I use to upload/sync my password file is hacked, it does not matter because my encrypted file is absolutely secure, nobody will be able to do anything useful with it.
even if everything stays on your home network, most people aren't technical enough to have things set up that they know there are intruders snooping around while most online services would have a much better chance of detecting things like that
If your device is compromised you are completely fucked no matter which option you choose. The intruder will know what you are opening and what you are typing, the intruder will know your master password and what password manager you use. If it's online it's even easier because this intruder won't even need to download your password file, though not that hard to download either.
Also, when you use an online service you are exposing yourself to more attack vectors, like MITM (like if you install a malicious extension). One just needs to compromise your browser or even a single site.
i definitely wouldn't recommend a free online password manager
companies like lastpass
Contradictory, LastPass is free, paid services only add extras.
-
@an_dz: An update.
I've read the privacy policy of both 1password and LastPass.
Don't use LastPass, 1password is good.
-
@mackrevinack said in 5 Ways to Lock Down Your Privacy:
@morg42: i just mean they would be less secure mainly because security is not their top priority.
As an_dz has said already, all security in password managers lies in the local encryption. Post the encrypted file on reddit for all I care... any online service can not make your encrypted data "more unsafe" than it is. (and also, no online service can make it "more secure")
other things are being focused on like making it easy and convenient for most people to use which means they allow things like resetting your password from your email.
Sure, this seems necessary anyway. I wouldn't want to give my home phone for password reset (at least not to most companies).
And unencrypted information isn't only insecure on any cloud service - it's as good as gone the moment you send it over the internet without encryption, no matter what happens with it afterwards.
there's no end to end encryption since most people wouldn't want that hassle.
There is, fortunately. It's called TLS and implemented in your browser. But this only protects the transfer. The cloud service still has your unencrypted data.
So encrypt everything locally before you store it online. There was a program for Dropbox sometimes, I think it's called boxcryptor. It encrypts your data on your PC and then syncs it to Dropbox. Just the way to go, if you need to store data online.
And btw - that's exactly what proper password managers do
I tried and decided against 1password - not because they offer bad service or have bad encryption, but because (when I tried it out) they stored each password in a different file which was named for the respective service. While this doesn't lessen the strength of the encryption, syncing these files via Dropbox does give away which services I use. I didn't want that then (and still don't want it today).
it seems pretty much the same thing in the end, you have your passwords in an encrypted container, but at least with something like lastpass the walls would be a lot harder to breach.
No. The walls of my encrypted password container are as hard to breach as it comes (and is practical). But lastpass or 1password offer comparable strength encryption and with that, basically the same security.
i would bet if security researchers were looking into the security of dropbox
Why should they? Dropbox makes no (credible) attempt as to securing your files. They just store them, not more.
-
I am sorry, but it is kind of ridiculous that you are not able to see this exact blog post without turning tor off or javascript on. Sorry, but I really dislike that [especially since my feed reader basically can never fetch the feeds without me manually disabling the TOR SOCKS].
-
@cqoicebordel: Haven't tried it, but it should be possible already.
-
I must disagree regarding using a VPN.
You give your information to your ISP, who is probably regulated by your government.
Why would you turn around and give it an unknown VPN owner whose business model you are not familiar with?
There are a couple of reputable VPNs out there, but not many I would trust.
Wanting security/privacy/anonymity would (IMHO) require a combination environment like TAILS (Secure OS, privacy oriented browser, etc).
Steve Gibson (grc.com) has a couple of neat utilities to generate passwords (look under the Services menu). After that a good Manager may be required but I store mine in an encrypted spreadsheet on the machine and a USB drive.
-
@Gwen-Dragon said in 5 Ways to Lock Down Your Privacy:
But with such spreadsheet you can not use a secure clipboard to copy&paste the login/password.
Hmm... quite right. Had never thought of that!
-
@Gwen-Dragon said in 5 Ways to Lock Down Your Privacy:
But with such spreadsheet you can not use a secure clipboard to copy&paste the login/password.
... and that leaves the browser as SPoF - because it must send it and therefore it needs to be unencrypted (not speaking about GET and POST or HTTP or HTTPS) and that's the weak point. Assuming you need a secure clipboard means assuming you already have a parasite on your computer - and the easiest way to get the password is the browser.
-