privacyguides

Undertaker, in BVG out here recommending the best 2FA Apps!

FreeOTP+ is the choice not Free OTP…

lemann, in Does Google still hold contact data after deleting from Google Contacts?

Not directly an answer to your question, but this is a really nice gesture. I’d appreciate it a ton personally

petrescatraian, (edited )

@lemann Thank you! Yea, many of my contacts' emails are probably on Yahoo instead, so it's not that much of a biggie. I know nobody using Tuta or Proton or whatever. And probably they no longer care since most people use their emails only for logging in to websites that don't support SSO with social networks/Google and just outright create a new email if they forget their password to that. But hey, less data for Google is still less data for Google.

otter,

Agreed, I didn’t think to do this but I might go through my list when I get time

While companies may secretly hold on to the data, it would also prevent future apps from abusing the data if I accidentally allow contact permissions

rammjet, in Does Google still hold contact data after deleting from Google Contacts?

Contacts has a Trash can. Deleted contacts are deleted after 30 days. You can empty the Trash yourself. Log into the web interface and find Trash on the left.

joeldebruijn,

That's just a user frontend showing your personal view of things. Nobody outside Google knows for sure if they really remove it from their end. All we know is they COULD keep a copy for themselves.

sbv, in Does Google still hold contact data after deleting from Google Contacts?

We have no visibility into Google’s internal processes. The developers that work on the product would probably know, but the rest of us can only guess.

petrescatraian,

@sbv Thank you!

hswolf, in BVG out here recommending the best 2FA Apps!

If you get Bitwarden pro (really cheap), you can save an OTP link together with the site credentials, it’s really good for keeping everything in one place

SaltyIceteaMaker,

Proton pass can also do this

PracticalParrot,

I do this. I want to point out it is absolutely TERRIBLE for security. It’s turning 2 factor back into 1 factor authentication.

goodhunter,

Consider your threat model. You could use a yubikey for Bitwarden log in.

kniescherz,

I would argue it's more like a 1.5 factor. Not secure when your Bitwarden gets compromised. But more security for stolen, leaked, phished passwords.

I currently have 60 OTPs in Bitwarden, I probably would not have activated 2FA on so many sites without BW.

IdleSheep, (edited )

This isn’t really a good idea because then you’re putting all your eggs in one basket. The whole point of 2FA is that the second factor is in a separate location so if your first factor (password) gets compromised the second one (OTP code) still protects your account. If both factors are in one place you’re back to a single point of failure instead of 2, losing a key benefit of 2FA.

If you’re gonna do this, at the very least have 2FA with a security key on your Bitwarden vault.

kniescherz,

You lose security, sure. But you are gaining so much more ease of use. Bitwarden autofills your credentials and puts your token into your clipboard. Also it syncs your tokens to all devices. Effectively this makes a site as easy to login as a site without 2FA.

The alternative is on desktop always get your smartphone, open some app type a token or on the phone to switch to multiple apps to get your credentials. Not fun imho.

I currently activated 2FA on over 60 sites, I doubt I would use it as much without BW.

For me, the key benefit of 2FA is getting more security against leaked, stolen, phished passwords, and that still holds up.

IdleSheep, (edited )

> The alternative is on desktop always get your smartphone, open some app type a token or on the phone to switch to multiple apps to get your credentials. Not fun imho.

There are desktop apps for OTP, you don’t need a phone. And since you only need to set up an OTP secret once, doing it for your phone and PC isn’t that big of a deal.

I have my OTP secrets in 3 places, 2 yubikeys and my phone’s authenticator app, with the former meant for my PC.

> For me, the key benefit of 2FA is getting more security against leaked, stolen, phished passwords, and that still holds up.

If your vault doesn’t have 2FA too this doesn’t hold up though. Means you’re trusting a single service that can get hacked with all your secrets. Sure, your other accounts are more protected against leaks and stuff, but if your password vault isn’t, you didn’t really change much, just pointed the hackers to one single place.

Yes I know hacking a password vault isn’t some walk in the park and rarely happens, but the point is any leaks from it would be 10 times more catastrophic for you if all your OTP secrets are also stored in it. I’ll spare myself from that nightmare with the small inconvenience that is a separate, offline OTP app.

kniescherz,

Good points!

I got the vault protected via yubikey of course ;)

derpgon,

If you get Vaultwarden, absolutely free, you don’t have to pay and have full control over your data. It’s a win-win!

mdd, in Does Google still hold contact data after deleting from Google Contacts?

I’m pessimistic when it comes to companies using my data but I assume they will use and abuse that info forever.

otter, (edited ) in This Week in Privacy (#1)

This is great! The length and tone was perfect IMO

Hope you guys do these for a while to come :)

mahony, in This Week in Privacy (#1)

Would be nice if it was possible to subscribe to an email to receive this blog automatically. Also, would be nice to post YouTube links via piped or some other front-end app, since it's about privacy :)

noodlejetski,

RSS

mahony, (edited )

yeah never used that to be honest, I guess I have a reason to check it out. Still, to reach people a newsletter straight into an inbox is better. What RSS is recommended?

gears,

I use newsboat, if you’re used to the terminal.

FippleStone,

If you’re comfortable hosting your own services, I can recommend FreshRSS for an aggregator and FocusReader for an android client.

Redoomed,
sznowicki, in yubikey and USB

It should be safe. It only shares the secrets with legit domains. That’s one of the powers of this tech: it won’t share your secrets with something that looks like a legit domain.

badgrandpa,

but without physical - click - key will be non accessible?

taladar,

No, some of the functionality is definitely accessible without that, e.g. if you use ykman oath accounts code on Linux to read the TOTP codes you don’t need to click and I seem to recall some of the functionality has a configurable click requirement.

bug, in This Week in Privacy (#1)

@jonah you’re alive! Welcome back, this server needs 4 months worth of maintenance!

rutrum, (edited ) in This Week in Privacy (#1)

I don’t know how much content there is to share, so you might be overflowing with things to talk about every week. But I fear that doing so much effort weekly could be unsustainable. I would suggest, or hope you consider, a less frequent blog/podcast, like every other week. I think this would be more modest, and easier to maintain. You wouldn’t need to change the title of the blog, either.

Anyway, this is an exciting project and I’m thankful for your work.

kilgore_trout, in BVG out here recommending the best 2FA Apps!

BVG is an acronym for Berliner Verkehrsbetriebe, Berlin’s public transport agency.

sloppy_diffuser, in Is Proton Unlimited Worth renewing?

On a grandfathered visionary 2 year payment plan with a year remaining, so no change plans yet, but I’m keeping a list of annoyances and concerns for renewal considerations.

Email

  • Really want snooze/delayed email reminders for specific emails. What Mailbox from Dropbox? used to have, and Inbox had before it was merged with Gmail.
  • Annoyed I can’t delete pre-proton pass aliases
  • No android (bidirectional) contact syncing. Been using EteSync.
  • Have multiple family members on the plan

Calendar

  • Use daily. I had issues with the number of clicks it took when adding emailed invites that didn’t get picked up automatically. Have not noticed in awhile if this is still an issue but I also don’t get as many invites.

Passwords

  • I use BitWarden
  • Been using Proton Pass aliases, but I’m on the fence due to it creating a vendor lock-in situation

VPN

  • Use ProtonVPN for port forwarding situations.
  • Use Mullvad otherwise as my daily driver.

Drive

  • Proton - I use if I need to share a file with someone else in a pinch
  • rclone/b2 - Main off-site backup solution with my own encryption keys. RoundSync for android to backup my phone to b2.

I tried rclone proton support the week it was merged. Worked okay. I tried syncing some ISO backups though and it just sat forever. Didn’t troubleshoot and just kept using b2.

Melody, in yubikey and USB

You should be safe if you are the only one with access to that computer.

If you are sharing the computer with another human being; please Unplug your Yubikey and take it with you when you are not using the computer and it is likely that another human being could be using the computer. Just to be safe; Do Not Leave Your Yubikey Plugged In If Another Person Is Using It…unless you’re authorizing them to access something.

Your Yubikey can’t tell who clicked its button as it is NOT a Fingerprint Reader.

ReversalHatchery, in Does Google still hold contact data after deleting from Google Contacts?

I don’t think there’s a factual answer to this question.
My take on it though is why would they delete it? They can make use of it in various ways, and in new ways every once in a while, and it’s not like as if you could prove it in court or even just find out that they didn’t delete your data.
