|
Cup Runneth Over posted:this site is impossible to use for me because I use a different vanity email address for almost every website Doing that greatly lessens the need for it, since the paired email/password from one site can’t compromise another one.
|
# ? Jan 10, 2021 02:02 |
|
|
# ? May 25, 2024 15:36 |
|
Cup Runneth Over posted:this site is impossible to use for me because I use a different vanity email address for almost every website Using Gmail+ addresses, or your own domain? If the later, you can sign up for alerts if any of your addresses are popped.
|
# ? Jan 10, 2021 02:11 |
|
Also, if you pay for 1Password, the watchtower feature will automatically alert you if any of your accounts that are stored are popped
|
# ? Jan 10, 2021 02:12 |
|
What's the consensus on using browsers to store passwords? Is it safe?
zaepg fucked around with this message at 03:23 on Jan 11, 2021 |
# ? Jan 11, 2021 03:18 |
|
zaepg posted:What's the consensus on using browsers to store passwords? Is it safe? They’ve definitely improved but I still wouldn’t use one outside of safari on an Apple device ( because keychain ) and would otherwise just prefer to use a dedicated password manager.
|
# ? Jan 11, 2021 18:39 |
|
I use the Chrome password manager for the majority of my passwords to inconsequential sites because it's convenient and works really well with an Android phone. If someone breaks in to my Gmail accounts they can reset most of those passwords anyways, so *shrug* My "important" passwords like banking, the Gmail accounts, etc. are stored in a separate KeePass database that I sync through my home server.
|
# ? Jan 11, 2021 19:25 |
|
The Fool posted:Using Gmail+ addresses, or your own domain? fun fact! that's actually a feature of SendMail/Postfix (I forget which) and should be supported wherever that is
|
# ? Jan 24, 2021 06:44 |
|
postfix had it out of the box first, IIRC, but there were a couple of m4 packages that made it work on sendmail too.
|
# ? Feb 2, 2021 06:01 |
|
Lain Iwakura posted:Don't spend money on anti-virus if you can help it; it is not worth any amount of money. This statement from the OP is about 4 years old. Is this still true? I ask because this is my situation: In the past I've used paid Malware Bytes and was fine with it, but changed to paid BitDefender a little while ago, and I really don't like how much it nags me and spams me. It feels like when I used free AVG ten years ago. (Both products were at the suggestion of my IT-minded friend with a computer service business.) So, I was considering changing what I use, went to find goon suggestions, and landed here. I use Windows 10, Firefox, and uBlock Origin.
|
# ? Feb 14, 2021 18:01 |
|
Magnetic North posted:This statement from the OP is about 4 years old. Is this still true? Its still pretty much true. Use the the poo poo thats built into windows 10, its as good as any other solution but doesn't expose quite as many surfaces to attack.
|
# ? Feb 14, 2021 18:34 |
I think this is a repeat question but: Is Veracrypt still the go-to solution for volume encryption across most platforms? Just need a like, 100mb encrypted volume that can be stored on various cloud and network volumes.
|
|
# ? Feb 22, 2021 04:37 |
|
Yes Veracrypt is still considered good. 7z may also be an option if it's not something you modify often. Edit: NM about 7z, you said volume encryption
|
# ? Feb 22, 2021 06:34 |
|
So I've been using Dashlane for almost a year now but am not too happy with the functionality (the autofill on it isn't really good so it rarely actually pops up to automatically prompt password changes or new accounts). I only really subscribed because they offered a VPN alongside the subscription so I thought why not. Also found out that the VPN they contract out to is apparently sketchy in terms of selling your log data. Among the Goon-approved password managers, are there any that can hit all or most of these features: 1) Built in VPN? I don't use a VPN that often where I feel its worth it to subscribe to one but when I do (like using public wifi for example) I like to be able to throw it on and also not hit any data limits like the free VPNs offered out there. 2) Easy import of Dashlane passwords and Chrome passwords 3) Password monitoring that searches leaked db's 4) Built-in password generator, non-password notes that can be added 5) Good UI and integration with Chrome (i.e. good autofill and prompts when it detects new accounts or pw changes) 6) Can be used and syncs across multiple devices. Also two optional, - it has a decent shared plan for two people. - can detect/change/autofill passwords in non-Chrome apps like Steam (Steam keeps constantly forgetting my password) or android apps
|
# ? Feb 23, 2021 04:13 |
|
Bitwarden checks most of those boxes, except the VPN (which is really unrelated to a password manager) and password leak detection bit. For the latter, you can sign up for haveibeenpwned for email notifications.
|
# ? Feb 23, 2021 04:15 |
|
Oysters Autobio posted:So I've been using Dashlane for almost a year now but am not too happy with the functionality (the autofill on it isn't really good so it rarely actually pops up to automatically prompt password changes or new accounts). I only really subscribed because they offered a VPN alongside the subscription so I thought why not. Also found out that the VPN they contract out to is apparently sketchy in terms of selling your log data. IMO you'd be better off looking for password manager and VPN services separately. They're solutions to two entirely different problems and as such there's a lot of outfits that do one or the other well but almost none that do both well. Also password monitoring isn't really super important if you're using a password manager properly because then you will have unique passwords for every service which mitigates the risk of a service being hacked. If you really want it then do as hooah recommended and sign-up for Have I Been Pwned notifications. This aside I don't really have any recommendations sorry. I run my own VPN with dedicated hardware and only use Password Safe on my home PC (Never really found the need to sync my creds).
|
# ? Feb 23, 2021 12:20 |
|
Aside from all of the lovely advertising, nordvpn has been pretty solid for me. The only exception is that sometimes under Alpine Linux the connection breaks for whatever reason. I haven't experienced that when using the (systemd-dependent) nordvpn app, or the windows app.
|
# ? Feb 23, 2021 16:11 |
|
alexandriao posted:Aside from all of the lovely advertising, nordvpn has been pretty solid for me. The only exception is that sometimes under Alpine Linux the connection breaks for whatever reason. I haven't experienced that when using the (systemd-dependent) nordvpn app, or the windows app. Weren't they caught lying about a) not keeping logs of your activity and b) having been compromised and having lost some user data?
|
# ? Feb 23, 2021 17:44 |
|
RFC2324 posted:Weren't they caught lying about a) not keeping logs of your activity and b) having been compromised and having lost some user data? Personally I use PIA as they're the only one who have seemingly been tested and come up good, having twice served empty logs to FBI subpoenas. No one should really consider a commercial VPN server a privacy device nor decide routing all their traffic through it is a good idea though. Run the VPN in a VM/separate machine if your use-case is getting linux distributions with some anonymity. Setup your own VPN if you're trying to travel / use free WiFi and want encryption.
|
# ? Feb 23, 2021 19:18 |
|
Khablam posted:Setup your own VPN if you're trying to travel / use free WiFi and want encryption. Might as well use cloudflare warp in this case. It's not as if they don't see all your traffic anyway
|
# ? Feb 23, 2021 19:19 |
|
Khablam posted:No one should really consider a commercial VPN server a privacy device nor decide routing all their traffic through it is a good idea though. Run the VPN in a VM/separate machine if your use-case is getting linux distributions with some anonymity. Sorry, a question for those of us in the back. I feel like what you're saying is "Run a Virtual Machine with a Linux Distro, inside of which the internet is all going through the VPN" but I don't understand how that would jive with the "Don't use a commercial VPN" statement from the start. Or is this some sort of alternative to a commercial VPN that I am not understanding?
|
# ? Feb 23, 2021 23:18 |
|
Magnetic North posted:Sorry, a question for those of us in the back. I feel like what you're saying is "Run a Virtual Machine with a Linux Distro, inside of which the internet is all going through the VPN" but I don't understand how that would jive with the "Don't use a commercial VPN" statement from the start. Or is this some sort of alternative to a commercial VPN that I am not understanding? "A VPN" as is now commonly used, refers more to the commercial solutions (aka NordVPN / ExpressVPN / private internet access / etc) whereby you're using the same connection technology to route everything through their servers instead. When installed through their installers, they will send all the traffic on the PC through the VPN connection. These are aggressively sold as some form of magical privacy solution for the modern web, which ignores entirely how the modern web and tracking actually work. I'm not sure if they advertise like this because they can't say "hey, use us to torrent idiots", actually want to dupe people into believing their marketing, or some combination of both. Regardless, people used these in the beginning because of the first thing. Trusting them on the second thing and routing all your traffic through them just seems dumb on the face of it, even before you look into things like NordVPNs massive compromise (which to be clear could happen to any of the providers, assume they're all incompetent). If you use one, just run it in a VM and run your clients there. On top of everything else, you'll discover it puts less strain on your probably-lovely ISP modem/router and leaves other machines able to maintain a low ping on the same network, including the host machine.
|
# ? Feb 24, 2021 00:25 |
|
Khablam posted:Trusting them on the second thing and routing all your traffic through them just seems dumb on the face of it, even before you look into things like NordVPNs massive compromise (which to be clear could happen to any of the providers, assume they're all incompetent). lol, yeah I don't route all my traffic through it. My brain trashed the context for this thread, so i figured this was common knowledge eep
|
# ? Feb 24, 2021 00:45 |
|
a friend of mine has a seedbox he that I have shell access to, so I just do that
|
# ? Feb 24, 2021 03:54 |
|
RFC2324 posted:a friend of mine has a seedbox he that I have shell access to, so I just do that (is it ok to ask this question here?) Are seedboxes just like vps-es but for seeding? I don't really understand the difference :/
|
# ? Feb 24, 2021 04:26 |
|
alexandriao posted:(is it ok to ask this question here?) Yes, you take advantage of fast unthrottled bidirectional connections available at data centers to download torrents quickly as well as seed them back to the rest of the torrent pool.
|
# ? Feb 24, 2021 04:51 |
|
Midjack posted:Yes, you take advantage of fast unthrottled bidirectional connections available at data centers to download torrents quickly as well as seed them back to the rest of the torrent pool. Yes, but how much can I treat it like a vps. Is it just that they're designed for seeding, or is there a totally different access model or setup that prevents me using it as a vps -- is there any reason why I shouldn't do that?
|
# ? Feb 24, 2021 07:20 |
|
alexandriao posted:Yes, but how much can I treat it like a vps. Is it just that they're designed for seeding, or is there a totally different access model or setup that prevents me using it as a vps -- is there any reason why I shouldn't do that? It’s just a computer. If you set it up as a seed box it probably just has stuff to support doing that like a torrent client and networking services in addition to a bare bones OS. If you can ssh into it you can probably reconfigure it to do whatever you want. If you didn’t set it up yourself but instead you’re renting a “seed box” as a turnkey setup from a hosting provider then you may not have the privileges you need to change it drastically.
|
# ? Feb 24, 2021 07:28 |
|
Khablam posted:A VPN is just a private virtual network (yeah I'm sure you know the acronym) which before a handful of years ago was pretty much only used in enterprise settings to communicate between branches securely. Some nerds would also run OpenVPN back to their home when using their phone/laptop or something, but it was never widely adopted. Okay, that all basically jives with what I thought (which is at least partially based on the Tom Scott video which I imagine is somewhat basic.) Two follow up questions: Does the Virtual Machine portion of this offer anything outside of 'not having to use a separate computer to access whatever you wish to access anonymously'? Last year, I started doing a virtual machine for my social networking so that 1: to separate any tracking in its own little prison and 2: it's an inconvenience to check so I don't look at Facebook. (I have since gone on a total social media diet, so I don't check it at all anymore.) Would it be the same if I just had a separate computer that I only used for social media, or is there something specific about VMs? Does the same principle apply to VMs in the cloud? As I dip my toes further and further into Azure at work, I sometimes daydream about spinning up random VMs in the cloud to do cool poo poo. My previous experience is all with VirtualBox locally.
|
# ? Feb 24, 2021 11:24 |
|
I use a VM because it solves the problem for me in the lowest-friction way. i.e. isn't using a whole-rear end other machine for something that runs fine with one core and 4gigs of RAM assigned to it. You'll also be sharing a folder(s) from the host to the VM for the actual data storage, which in conjunction with just sonarr means everything is dropped into it's right place at disk-speed and reliability, not network speeds and whatever way you want to automate copying it over from the other machine. I'm also in a country which has endless content blocks accessing both the websites and trackers you need, so being able to alt-tab into a browser is nicer than needing to RDP into a machine stuck in a closet or something. I don't have much to say about cloud VMs, except anything that isn't sold as a seed-box will pretty quickly tap you on the shoulder about your traffic profile, VPN or not.
|
# ? Feb 24, 2021 11:55 |
|
These questions are about the nature of Cloud more than your original questions about VPNs but I'll give a whack at it. If you just need a generic computer somewhere, it doesn't matter what they server is billed as. If it's a computer that you can fully access and utilize the OS, including software installation and root/admin access. If you have those things you can pretty much do whatever you want on the VM. You can install all kinds of poo poo on a seedbox, or a cloud VM, or a VPS, or anything else. It's just a computer running on someone else's hardware that you rent. This should answer both of your questions, but just to make sure you understand the context, the benefit of Cloud is in 3 things:
I have a bunch of poo poo in GCP, because GCP has a very not well known "Always Free" tier of services that I can run websites on. I found some Ansible projects to set up a webserver and even copy my lovely website code to them automagically, which means I only have to worry about DNS and everything's running. Since you were asking about VPN, take a look at Algo and how it functions: https://github.com/trailofbits/algo It will set up a VM in the cloud and install all the software necessary to make it work. When I travel overseas I usually set one up in the GCP Free Tier to access US netflix, and the house.
|
# ? Feb 24, 2021 14:37 |
Okay so actually for real what does using a VPN do if I have force-encryption enabled in my torrent client? I've yet to hear a compelling argument in their favour beyond the commercial ones that let you watch US Netflix
|
|
# ? Feb 24, 2021 14:41 |
|
your home IP doesn't show up on riaa/mpaa's seedbox log, so they can't sue your rear end for $5 sorry i meant $5000, a digital copy of a song is expensive poo poo!
|
# ? Feb 24, 2021 14:44 |
|
Despite what Lowtax and countless Youtubers will tell you, VPNs do not provide privacy or security in any way. The Tom Scott video linked above covers that pretty well. Seriously, watch this poo poo. https://www.youtube.com/watch?v=WVDQEoe6ZWY What provides privacy are browser extensions and other poo poo (pihole, etc) that block cookies that identify who you are to advertisers and the websites you visit. Like Truga said, VPNs just shift your outbound public IP address from wherever you are to their IP. You want privacy? Here's a pihole project you can run in GCP that includes VPN: https://github.com/rajannpatel/Pi-Hole-on-Google-Compute-Engine-Free-Tier-with-Full-Tunnel-and-Split-Tunnel-Wireguard-VPN-Configs Used to be an Ansible thingy for this but I can't find it.
|
# ? Feb 24, 2021 15:06 |
|
ChickenWing posted:Okay so actually for real what does using a VPN do if I have force-encryption enabled in my torrent client? I've yet to hear a compelling argument in their favour beyond the commercial ones that let you watch US Netflix Torrent encryption is just meant to provide prevention against traffic shaping, which it also doesn't.
|
# ? Feb 24, 2021 16:05 |
Khablam posted:Torrent encryption does nothing worthwhile - you can see the IP of everyone in the swarm you're connected to. If you're somewhere where your ISP is legally or contractually bound to take action if notified you're infringing (read: most western counties) you'll still get letters through your door, escalating to whatever is relevant in your jurisdiction. Okay excellent I can file that one as outdated. Updated question: Okay so actually for real what does using a VPN do? I've yet to hear a compelling argument in their favour beyond the commercial ones that let you watch US Netflix
|
|
# ? Feb 24, 2021 21:36 |
|
Thanks for all the answers. It's been enlightening.
|
# ? Feb 24, 2021 21:37 |
|
ChickenWing posted:Okay excellent I can file that one as outdated. Updated question: VPNs are most commonly used by businesses to allow a remote worker secure access to network resources at the office. They’re slowly falling out of favor as things move more towards saas and zero trust models.
|
# ? Feb 24, 2021 21:41 |
Sorry, should have qualified - what does using a non-corporate VPN do? Like, is there any real reason for me, an average joe who is not a whistleblower or confidential source or policitcally important person, to subscribe to Joe's Logless VPN Hut?
|
|
# ? Feb 24, 2021 21:59 |
|
ChickenWing posted:Sorry, should have qualified - what does using a non-corporate VPN do? Like, is there any real reason for me, an average joe who is not a whistleblower or confidential source or policitcally important person, to subscribe to Joe's Logless VPN Hut? Properly deployed (those words are doing a lot of work) VPNs are good for protecting your traffic against eavesdropping by people on the network between you and the VPN endpoint, such as a cafe's wireless network. Yeah okay everyone is using TLS these days but even with that an observer can still see what sites you visit and maybe you don't want that for whatever reason, like you're a whistleblower at Theranos and don't want Holmes's goon squad to shake down the cafe to see if you were on WhatsApp while you were there. If you are running your DNS over the VPN or have your own DNS on your LAN you can also use a VPN to shield your traffic from your ISP if you're concerned about them being hostile or datamining your traffic (again even if your content is encrypted they can see what sites you visit). However, as noted above you are ultimately typing your login into your bank's website and even if you're "anonymously" browsing there are a number of techniques that can be used to track your browser. So a VPN is helpful but certainly not a 100% privacy solution on its own.
|
# ? Feb 24, 2021 22:25 |
|
|
# ? May 25, 2024 15:36 |
|
ChickenWing posted:Sorry, should have qualified - what does using a non-corporate VPN do? Like, is there any real reason for me, an average joe who is not a whistleblower or confidential source or policitcally important person, to subscribe to Joe's Logless VPN Hut? With HTTPS traffic you don't need to hide the content, but the origin is still visible which this hides. The above two states are why you might want to run your own VPN home when out of the house. A commercial VPN solution replaces your house with their datacentre. In security you always have to look at your threat model. Who is out to get me? What can I lose? These VPNs are used for torrents because your adversary can cause you a lot of trouble, but they also have very limited powers. By simply shifting your identity to be a customer of a data-centre who do not log, the RIAA/MPAA/et al have no means to determine your identity. If you're anyone mentioned in your post, the same VPN solution is useless because any part of that infrastructure (ISP or VPN) can be coerced into modifying their systems to identify you. In those situations you use tor (and have to use it correctly) to try to make your identity "any tor user". tl;dr is commercial VPNs do not do what they advertise. No-one gives a poo poo what your IP is any more, they look at your browser. This should be patently obvious to anyone who has realised tracking is still a thing when large homes / workplaces / universities / municipal wifi / etcetc mean large pools of people will share an IP, but here we are.
|
# ? Feb 25, 2021 11:48 |