Encrypt all the things!

  • Get off social media

    I stopped using Facebook a while ago. Only deactivated as I have to reactivate it briefly once in a while.

    I'm guessing LinkedIn is ok? I don't use it much, it's just there as a presence.

    I use Twitter too but not with my name or a photo of me. Is that ok?

  • I already have MFA configured on everything I can, but mostly using push notifications/Google Authenticator. Google gave me a $100 voucher when I got my Pixel 3A from them and there's nothing on their site I need, so I thought I'd get a Titan Security Key. It came with a USB key and also an NFC/Bluetooth one.

    I auth through almost all work things via Okta, so being protected by Okta MFA to get into 20+ different services with a single piece of hardware as my second factor is actually very good. Every time one opens Okta's Admin Panel you now have to authenticate via MFA and the session timeout is less than 10 minutes, so having the key plugged in removes that step about 20 times a day. Most helpful.

  • Looks like Lastpass has tripled in price from $12 to $36 per year. Think that could be enough to push me to another option.

  • Bitwarden is nice :)

  • More thoughts on Garmin privacy - You can use whichever device you have in an offline capacity, and manually take the .fit / .tcx / .whatever files off the device, and analyse them on your local machine using something like Golden Cheetah.

  • Also, more thoughts on Xprivacy.

    Reading around a bit, it appears that Xprivacy (rather the latest iteration, XprivacyLUA) is actually a bit rubbish, and not only doesn't block things (it *claims* to provide fake data instead), it only does for a subset of identifiers, at the whim of the developer.

    In the absence of any alternative, however, ¯\_(ツ)_/¯

  • This is what I've done for years, using WKO3. I never enable WIFI or BT on it. Less about security and more about battery life.

  • +1 for Bitwarden

  • +1 for Bitwarden

    What's the thing with Bitwarden?
    Is it really completely free as they claim?

  • Bitwarden Synology friendly?

  • Is it really completely free as they claim?

    The core feature set is free. For personal accounts, there are extras like extra storage, automated checks against the various have-I-been-pwned databases and FIDO U2F support (for logging into your Bitwarden account) in the paid service ($10/year atm).

    @ChainBreaker https://stuffwebuyonline.com/technology/it-pro/install-bitwarden-docker/

  • .

    1 Attachment

    • Screenshot_20190817-233631_Twitter.jpg
  • Fucking hell.

  • Twitter doesn't do proper 2FA. This allowed Jack Dorsey's Twitter account to be hacked by simple and indirect social engineering to take over his phone number.

    So he and his company deserved everything the hackers could have done. Shame they wasted the opportunity on childish racist tweets.

  • If I read that right, they used that feature where you text in your tweet - which doesn't require any authentication at all, let alone 2FA.

  • Hello, looking to get a new VPN as my subscription to my old one has expired, but there are so many out there now, just want to narrow it down to a decent one. I'm away from the UK so it will mainly be used for watching UK TV/radio for sports stuff. What are people using now?

  • Not that helpfully I use Nord and PIA and both are hit and miss for things like iPlayer. You sometimes get lucky but often not.

    My usual option for watching UK stuff when I'm not in the UK is my own VPN which is a raspberry pi on my home connection. Not that useful if you're not UK based.

  • Cheers, I'll look at Nord and PIA. I used PureVPN before; it was good but seemed to slow everything down on my laptop.

  • If you think it was their software slowing things down then most of the VPNs, pure included, have config files that allow you to use the OpenVPN software.

  • Ah OK, I'll take a look.

  • My set up is as follows:

    Home = Unlocator, smart DNS rather than VPN, so it only kicks in when you need to unlock a stream which is otherwise locked (iPlayer, ITV, etc). It's set up by manually changing the DNS settings on your router so all devices are covered. Sign up to the Netflix beta for US Netflix, which gets movies 6 months sooner than UK Netflix (blame Sky).

    Mobile devices = NordVPN, mostly reliable for BBC, ITV and Dave, and means I can hook up to all the free Wi-Fi here and read LIHKG worry free.

  • [ Bit of a dredge as I've been away... ]

    if one of them is a gmail address you can use the + to do this

    so test+company@gmail.com would go to the test@gmail.com inbox, and you can then filter on it.

    The problem with + addresses like this, e.g.


    is that, for most places that want to link your accounts (see V's post here: https://www.lfgss.com/comments/14838117/), it is trivial for them to remove everything after the + and they've got your base address to compare.

    [ Long ago when I ran my own sendmail daemon (Don't do this kids) I changed the plus addressing symbol to _ so I could do username_lfgss@example.com and not struggle against sites that prevented addresses with + symbol in. ]

    This also goes for gmail addresses where you can move the . around at will, i.e.

    jo.bloggs@gmail.com is the same as job.loggs@gmail.com

    The disingenuous lot will just see a gmail.com address and remove all of the dots before the @ as they know that address will still work (and anything after a +). That can then be compared with other sites.

    My own paranoia means I've moved to a model where I have my own domain for email (but no longer run the MTA myself!) and try and use unique addresses for each signup and, more importantly, the unique addresses are not linked to the site in question, i.e. I wouldn't use:-

    lfgss@example.com bbc@example.com etc

    as it makes it relatively trivial to guess what that same person's email is on a subsequent site. I'd just pick something random each time, e.g.

    LFGSS: dave@example.com BBC: kettle@example.com

    It also means I can kill off much of the spam that automatically arrives to addresses like tumblr@ or twitter@ even though I've never ever used those aliases in my life.

    It's then simple to set up filters to move things into the right mailboxes (and name them appropriately, e.g. "LFGSS - dave" and "BBC - kettle").

    I need to rejig my email a bit as I've still got one legacy account that is POP3 and needs moving over to IMAP, but it is an address I've had for a long time and so it gets quite a bit of spam (and my existing spam solution needs partially rewriting to handle IMAP).
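
Added example (not part of the post above, and not any site's actual code): a small Python check of what that post describes, namely how + suffixes and Gmail dots collapse to one base address while random per-site aliases on your own domain do not. The function names and the sample sign-ups are made up for illustration.

```python
from collections import defaultdict

# Assumption for this sketch: dots in the local part are ignored only for
# gmail.com, as the post describes. A "+suffix" is stripped for any domain.
DOT_INSENSITIVE = {"gmail.com"}

def canonical(address):
    """Reduce an address to the base a linking site could compare on."""
    local, _, domain = address.strip().lower().rpartition("@")
    local = local.split("+", 1)[0]          # drop everything after the +
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")      # jo.bloggs == job.loggs
    return f"{local}@{domain}"

def linkable(signups):
    """signups maps site -> address used there.
    Returns {base address: [sites]} for sites that share one base."""
    groups = defaultdict(list)
    for site, addr in signups.items():
        groups[canonical(addr)].append(site)
    return {b: sorted(s) for b, s in groups.items() if len(s) > 1}

def guessable(signups):
    """Sites whose alias contains the site name (lfgss@, bbc@, ...)."""
    return sorted(site for site, addr in signups.items()
                  if site.lower() in addr.rpartition("@")[0].lower())

# Constructed sample data, not real accounts.
PLUS_AND_DOTS = {"LFGSS": "test+lfgss@gmail.com",
                 "BBC": "t.est+bbc@gmail.com",
                 "Shop": "te.st@gmail.com"}
SITE_NAMED = {"LFGSS": "lfgss@example.com", "BBC": "bbc@example.com"}
RANDOM_ALIAS = {"LFGSS": "dave@example.com", "BBC": "kettle@example.com"}

if __name__ == "__main__":
    for name, s in [("plus/dots", PLUS_AND_DOTS),
                    ("site-named", SITE_NAMED),
                    ("random", RANDOM_ALIAS)]:
        print(name, "linkable:", linkable(s), "guessable:", guessable(s))
```
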

  • Is the smart DNS easy to set up? I'll have a read about that, not something I have thought about. Thinking of getting Nord for the mobile for LIHKG ;)

    Although I struggle with Chinese text so stick to their Twitter posts; they have started putting out English text posts :)

  • You know Chrome translates it to very bad English.

    Smart DNS

    1. Enter DNS settings on router
    2. Log into account on PC/Mac/phone browser and press the button to refresh your IP address

    They now know all traffic from that IP is from you and route it according to where you need to appear from. Normally they have a free trial then fiver ish a month. I have the shortcut set up on my iPhone so it's easy to re-upload my IP.

  • All of this, from having your own domain and down.

    Even the 5 week run-your-own mail server hell-hole.


Posted by Velocio @Velocio