@lemann Thank you! Yea, many of my contacts' emails are probably on Yahoo instead, so it's not that much of a biggie. I know nobody using Tuta or Proton or whatever. And probably they no longer care since most people use their emails only for logging in to websites that don't support SSO with social networks/Google and just outright create a new email if they forget their password to that. But hey, less data for Google is still less data for Google.
Contacts has a Trash can. Deleted contacts are deleted after 30 days. You can empty the Trash yourself. Log into the web interface and find Trash on the left.
That's just a user frontend showing your personal view of things. Nobody outside Google knows for sure if they really remove it from their end. All we know is they COULD keep a copy for themselves.
We have no visibility into Google’s internal processes. The developers that work on the product would probably know, but the rest of us can only guess.
If you get Bitwarden pro (really cheap), you can save an OTP link together with the site credentials, it’s really good for keeping everything in one place
This isn’t really a good idea because then you’re putting all your eggs in one basket. The whole point of 2FA is that the second factor is in a separate location so if your first factor (password) gets compromised the second one (OTP code) still protects your account. If both factors are in one place you’re back to a single point of failure instead of 2, losing a key benefit of 2FA.
If you’re gonna do this, at the very least have 2FA with a security key on your bitwarden vault.
You lose security, sure. But you are gaining so much more ease of use. Bitwarden autofills your credentials and puts your token into your clipboard. Also it syncs your tokens to all devices. Effectively this makes a site as easy to login as a site without 2fa.
The alternative is on desktop always get your smartphone, open some app type a token or on the phone to switch to multiple apps to get your credentials. Not fun imho.
I currently activated 2fa on over 60 sites, I doubt I would use it as much without BW.
For me, the key benefit of 2Fa is getting more security against leaked, stolen, phished passwords, and that still holds up.
> The alternative is on desktop always get your smartphone, open some app type a token or on the phone to switch to multiple apps to get your credentials. Not fun imho.
There are desktop apps for OTP, you don’t need a phone. And since you only need to setup an OTP secret once, doing it for your phone and pc isn’t that big of a deal.
I have my OTP secrets in 3 places, 2 yubikeys and my phone’s authenticator app, with the former meant for my PC.
> For me, the key benefit of 2Fa is getting more security against leaked, stolen, phished passwords, and that still holds up.
If your vault doesn’t have 2FA too this doesn’t hold up though. Means you’re trusting a single service that can get hacked with all your secrets. Sure, your other accounts are more protected against leaks and stuff, but if your password vault isn’t, you didn’t really change much, just pointed the hackers to one single place.
Yes I know hacking a password vault isn’t some walk in the park and rarely happens, but the point is any leaks from it would be 10 times more catastrophic for you if all your OTP secrets are also stored in it. I’ll spare myself from that nightmare with the small inconvenience that is a separate, offline OTP app.
Would be nice if it was possible to subscribe to an email to receive this blog automatically. Also, would be nice to post YouTube links via piped or some other front-end app, since it's about privacy :)
yeah never used that to be honest, I guess I have a reason to check it out. Still, to reach people a newsletter straight into an inbox is better. What RSS is recommended?
It should be safe. It only shares the secrets with legit domains. That’s one of the powers of this tech: it won’t share your secrets with something that looks like a legit domain.
No, some of the functionality is definitely accessible without that, e.g. if you use `ykman oath accounts code` on Linux to read the TOTP codes you don’t need to click and I seem to recall some of the functionality has a configurable click requirement.
I don’t know how much content there is to share, so you might be overflowing with things to talk about every week. But I fear that doing so much effort weekly could be unsustainable. I would suggest, or hope you consider, a less frequent blog/podcast, like every other week. I think this would be more modest, and easier to maintain. You wouldn’t need to change the title of the blog, either.
Anyway, this is an exciting project and I’m thankful for your work.
On a grandfathered visionary 2 year payment plan with a year remaining, so no change plans yet, but I’m keeping a list of annoyances and concerns for renewal considerations.
Email
- Really want snooze/delayed email reminders for specific emails. What Mailbox from Dropbox? used to have, and Inbox had before it was merged with Gmail.
- Annoyed I can’t delete pre-proton pass aliases
- No android (bidirectional) contact syncing. Been using EteSync.
- Have multiple family members on the plan

Calendar
- Use daily. I had issues with the number of clicks it took when adding emailed invites that didn’t get picked up automatically. Have not noticed in a while if this is still an issue but I also don’t get as many invites.

Passwords
- I use Bitwarden
- Been using Proton Pass aliases, but I’m on the fence due to it creating a vendor lock-in situation

VPN
- Use ProtonVPN for port forwarding situations.
- Use Mullvad otherwise as my daily driver.

Drive
- Proton - I use if I need to share a file with someone else in a pinch
- rclone/b2 - Main off-site backup solution with my own encryption keys. RoundSync for android to backup my phone to b2.
- I tried rclone proton support the week it was merged. Worked okay. I tried syncing some ISO backups though and it just sat forever. Didn’t troubleshoot and just kept using b2.
You should be safe if you are the only one with access to that computer.
If you are sharing the computer with another human being; please Unplug your Yubikey and take it with you when you are not using the computer and it is likely that another human being could be using the computer. Just to be safe; Do Not Leave Your Yubikey Plugged In If Another Person Is Using It…unless you’re authorizing them to access something.
Your Yubikey can’t tell who clicked its button as it is NOT a Fingerprint Reader.
I don’t think there’s a factual answer to this question.
My take on it though is why would they delete it? They can make use of it in various ways, and in new ways every once in a while, and it’s not as if you could prove it in court or even just find out that they didn’t delete your data.