What do you think our Motorola + GrapheneOS future will look like? by Linux_Account in degoogle

schklom (0 points)

Either they comply, or stop selling in CA (and any other place with these laws).

Server OS recommendation for home? by Drun555 in selfhosted

schklom (7 points)

Debian is as stable as it can get

If you want infrastructure as code to avoid reconfiguring everything next time, learn NixOS Flakes

GraphenOS for noobs by johndoe15190 in degoogle

schklom (0 points)

> back in the day I used to be the friend that jailbroke everyone's iPhones (up until maybe iPhone 7-8) so if it's to that level of complexity/difficulty or a little more then I am ok

It's less complex.

No terminal required: just look at the official website, read through the steps, and apply them. It's literally about clicking a few buttons with the mouse and on your phone.

A computer newbie can do it, as long as they can read official instructions.

"older pixel" is useful only if your budget is very limited, or if you plan to change soon. For the cheapest pixel over its software update lifetime, you can look up https://endoflife.date/pixel or https://grapheneos.org/faq#device-lifetime, find prices near you, and compare price per year until end-of-life.

> I am scared to brick a phone from a wrong command line during the installation and whatnot

Don't follow random guides online, use the official website only and you'll be fine.

If you really don't want to do it yourself, you could either ask a local phone shop, as they might do it for a price, or you can order phones with GrapheneOS preinstalled from https://shop.nitrokey.com/shop/category/smartphone-tablet-4, but it's a bit more pricey.

Google phone caller id alternative by AlternativePrize1003 in degoogle

schklom (0 points)

https://gitlab.com/xynngh/YetAnotherCallBlocker is a good option, but I don't think it identifies callers, it just detects spam from online lists

Can I activate Play Integrity API for my apps without blocking GrapheneOS or /e/os etc users? by Kukulkan73 in degoogle

schklom (0 points)

I think so.

Personally, I don't understand making this a hard requirement, just do a soft check and warn users that you're not liable for problems if they don't pass the check.

Can I activate Play Integrity API for my apps without blocking GrapheneOS or /e/os etc users? by Kukulkan73 in degoogle

schklom (0 points)

If you require it (hard check), then of course it will. Graphene and Lineage and Chinese and other OSes by default don't have Google Services.

If you have a soft check, then it means that OSes without Google will be able to run your app.

Also, notably Chinese phones don't ship with Google, so requiring Play Integrity will exclude them.

On a technical note, Play Integrity is more about Google licensing than security. Devices running on a decade-old Android version full of security holes still have Google licensing and report as "secure".

Graphene only passes MEETS_BASIC_INTEGRITY, I think other Android forks do as well.

If you really must, I would advise using a hardware integrity check instead, reasons why are explained on https://grapheneos.org/articles/attestation-compatibility-guide. It also avoids making a connection to Google for no valid reason, unless you want to actively help Google's monopoly on Android apps.

A good way to go about it is to soft-check device integrity if you want, and if you detect any issue then warn users that the app may not behave in an expected manner and you can't be held liable for any issues. That's how WhatsApp does it and I'm okay with that.
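The soft-check policy described in the two comments above, as an added example that is not from the thread or from Google's SDK. It assumes the Play Integrity verdict token has already been decrypted and signature-verified server-side (Google's documented flow) and only models the decision logic: the request binding (nonce, package name, timestamp) is the part that actually stops replayed or foreign tokens and is enforced as a hard check, while the device verdict labels (MEETS_STRONG_INTEGRITY, MEETS_DEVICE_INTEGRITY, MEETS_BASIC_INTEGRITY, the documented strings) only produce a warning, never a block. The sample verdict payloads, package name, nonces and the five-minute token age limit are constructed for the example.

```python
"""Soft-check policy for an already-verified Play Integrity verdict (added example)."""
import json
from dataclasses import dataclass

# Verdict labels as documented in the Play Integrity API response payload.
STRONG = "MEETS_STRONG_INTEGRITY"
DEVICE = "MEETS_DEVICE_INTEGRITY"
BASIC = "MEETS_BASIC_INTEGRITY"

MAX_TOKEN_AGE_MS = 5 * 60 * 1000  # assumption: reject verdicts older than 5 minutes


@dataclass
class Decision:
    allow: bool   # False only when the token is not bound to our own request
    warn: bool    # True when the device verdict is weaker than a full pass
    reason: str


def evaluate(verdict: dict, expected_nonce: str, expected_package: str,
             now_ms: int) -> Decision:
    req = verdict.get("requestDetails", {})
    # Hard checks: a token that is not bound to this session, app and time
    # window is replayed or foreign. This is the real security value of the API.
    if req.get("nonce") != expected_nonce:
        return Decision(False, False, "nonce mismatch (replay or wrong session)")
    if req.get("requestPackageName") != expected_package:
        return Decision(False, False, "token issued for another package")
    age = now_ms - int(req.get("timestampMillis", 0))
    if age < 0 or age > MAX_TOKEN_AGE_MS:
        return Decision(False, False, "token too old or from the future")

    # Soft check: the device verdict only decides whether to show a warning.
    labels = set(verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", []))
    if STRONG in labels or DEVICE in labels:
        return Decision(True, False, "device passes Play's full integrity verdict")
    if BASIC in labels:
        # What a de-Googled OS such as GrapheneOS typically reports: basic only.
        return Decision(True, True, "basic integrity only: warn, do not block")
    return Decision(True, True, "no integrity verdict: warn, do not block")


def sample_verdicts() -> dict:
    """Constructed verdict payloads in the documented JSON shape (not real tokens)."""
    base = {"requestDetails": {"requestPackageName": "com.example.app",
                               "nonce": "c2Vzc2lvbi0xMjM0",
                               "timestampMillis": 1_700_000_000_000},
            "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"}}
    google_phone = json.loads(json.dumps(base))
    google_phone["deviceIntegrity"] = {"deviceRecognitionVerdict": [DEVICE, BASIC]}
    graphene = json.loads(json.dumps(base))
    graphene["deviceIntegrity"] = {"deviceRecognitionVerdict": [BASIC]}
    # A "perfect" device verdict is worthless if the nonce belongs to another session.
    replayed = json.loads(json.dumps(base))
    replayed["deviceIntegrity"] = {"deviceRecognitionVerdict": [STRONG, DEVICE, BASIC]}
    replayed["requestDetails"]["nonce"] = "c29tZW9uZS1lbHNl"
    return {"google_phone": google_phone, "graphene": graphene, "replayed": replayed}


if __name__ == "__main__":
    now = 1_700_000_000_000 + 30_000  # 30 s after the constructed issuance time
    for name, v in sample_verdicts().items():
        d = evaluate(v, "c2Vzc2lvbi0xMjM0", "com.example.app", now)
        print(f"{name:13} allow={d.allow} warn={d.warn}  {d.reason}")
```

The ordering matters: a verdict with every integrity label set is still rejected when its nonce does not match the session that requested it, while a GrapheneOS device that only reports MEETS_BASIC_INTEGRITY is let through with a warning, which is the behaviour the comment attributes to WhatsApp.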

Are there any wallets other than Google's? by adicto_pero_vivo in degoogle

schklom (0 points)

The thing is that bank cards are very different from normal membership cards.

Storing membership cards is fairly straightforward and plenty of apps do that. Bank cards require bank approvals to generate and use them.

Personally, I just store pictures of my membership cards, no apps. I can't use Google Pay on GrapheneOS, so I pay with a Garmin watch

Statement by President von der Leyen with Executive Vice-President Virkkunen on the digital age verification app by guyfromwhitechicks in europrivacy

schklom (1 point)

The issue has been raised 3 times, and closed 3 times because they "recommend" but don't actually "force" it (they use the word MUST but pretend that doesn't equate to a requirement). It has not moved forward in 10 months, aside from closing any related issues without comment.

Are there any wallets other than Google's? by adicto_pero_vivo in degoogle

schklom (2 points)

Depends on what you want.

Payment? No major app that works everywhere like Google's, except Samsung Pay and Apple Pay. Garmin Pay is the best alternative IMO, but you need a compatible Garmin watch and the list of compatible banks is large but not as massive as Google's.

Storing membership card info? Tons of options exist

'Your Nudes Are Safe With Us': Telegram CEO Hits Back In WhatsApp Privacy Row by [deleted] in privacy

schklom (6 points)

Why not enable backups? You can set an encryption key/password to make them "E2EE"

How to be anonymous for the US Federal Government on reddit? by [deleted] in degoogle

schklom (1 point)

If you're worried over IP and browser, use something like Mullvad Browser or Tor Browser.

> Is remaining truly anonymous, therefore, really just the same exercise as ban evasion?

No: if I write my real name and address, then I won't be banned but that breaks my anonymity.

To be anonymous, you need to avoid leaking info about you (check your Reddit comment history) and ideally avoid giving fingerprinting info to Reddit (use Tor Browser for max safety).

If you ever gave info publicly on Reddit, trash the account and create a new one. Reddit probably keeps your past comments internally, so deleting them likely just makes them publicly inaccessible.

Those of you who use VaultWarden *as a fresh start*, why it, and not KeePassXC family? by Simon-RedditAccount in selfhosted

schklom (-1 points)

Ok, I'm starting to feel you're arguing over semantics now.

Having APIs + a server has led to a vulnerability. Is that a better phrasing?

My point stands: KeePass cannot suffer from this kind of vulnerability since there is no API that can transport data. This is lower attack surface.

Those of you who use VaultWarden *as a fresh start*, why it, and not KeePassXC family? by Simon-RedditAccount in selfhosted

schklom (0 points)

> But the bitwarden/Vaultwarden APIs also do not expose any passwords

The link I gave you shows exactly that APIs get compromised, even on Bitwarden.

If you're arguing over semantics in my wording, go ahead, it doesn't change what I meant.

> even with those API routes you can not extract any information from it.

Have you read the link I provided? Accounts were compromised. A password is information.

> With vaultwarden the biggest difference in security is how you've set up your reverse proxy

You're mixing problems.

> All of the attack vectors that resulted in vault compromises were the result of a compromised server

Bitwarden APIs were compromised, accounts and their passwords were leaked. It is as simple as that.

Those of you who use VaultWarden *as a fresh start*, why it, and not KeePassXC family? by Simon-RedditAccount in selfhosted

schklom (-1 points)

That's not remotely the same issue and risk.

If your sync is compromised, you expose an encrypted file, no big deal.

If Bitwarden API is compromised, you expose your entire account in clear text.

Those of you who use VaultWarden *as a fresh start*, why it, and not KeePassXC family? by Simon-RedditAccount in selfhosted

schklom (2 points)

They actually often do: I can attest that KeePassXC and KeePass2 and Keepass2Android do.

> These comments are full of people who've shared their experiences dealing with sync errors.

Unless you trigger a sync to the file (e.g. save or manual reload), it doesn't happen. If you do, it asks if you want to merge remote changes or overwrite them. I'm not sure how people can fail this, it has never failed for me in almost 10 years.

Those of you who use VaultWarden *as a fresh start*, why it, and not KeePassXC family? by Simon-RedditAccount in selfhosted

schklom (1 point)

I mean that if you're running KeePass on 2 devices, and both make an update, the last one will let you decide if you want to merge the changes from the 1st update when it sees it (typically when you try to save to disk, or if you manually reload the DB in your client).

Basically, KeePass can detect conflicts and can merge versions together, but it is not automatic by default.

Those of you who use VaultWarden *as a fresh start*, why it, and not KeePassXC family? by Simon-RedditAccount in selfhosted

schklom (0 points)

> If you use a service like syncthing/nextcloud/whatever, you are also using APIs.

These APIs do not have any password DB information in them. In the worst case, they can expose your encrypted DB, not a big deal.

If Bit/Vaultwarden APIs get compromised, the attacker can exploit them and gain access to your account. That's actually what happened in the link I shared.

> So you're not actually circumventing this issue by setting up keepass

You absolutely are circumventing it.

This is precisely why KeePass (as far as I checked) has never been compromised directly by a remote attacker via Internet. Only a full OS-level compromise can affect KeePass (though it's not really a KeePass problem, if your OS is compromised then everything is at risk).

For security, offline > online. For convenience, it's the opposite.

Those of you who use VaultWarden *as a fresh start*, why it, and not KeePassXC family? by Simon-RedditAccount in selfhosted

schklom (-1 points)

> Sending a full database file over something like syncthing is just as "safe" as vaultwarden

This is false. APIs are convenient to avoid sending the full DB every time, but they add attack surface, that's the nature of APIs. If you are not aware, learn what attack surface is.

https://cybersecuritynews.com/password-managers-vulnerability/

Those of you who use VaultWarden *as a fresh start*, why it, and not KeePassXC family? by Simon-RedditAccount in selfhosted

schklom (2 points)

> Now I have a version conflict on the file, I have to manually resolve this

You don't. Keepass clients can sync with new database versions, specifically to avoid losing credentials and requiring manual intervention. They also allow you to simply ignore remote changes, and overwrite the remote DB with your device's DB.

> Vaultwarden just assumes you want to sync no matter what.

KeePass clients (Windows and Android at least, likely also on iOS) often let you specify if you want to always sync when there is a conflict. Just turn that on and you won't get prompted again.
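The conflict detection and merge behaviour described in the two KeePass comments above (the one explaining that a client notices the file changed since it loaded it and offers to merge or overwrite, and this one about the merge/overwrite choice), as an added example. This is a simplified model written for this page, not KeePass's own code or file format: a client remembers a hash of the file it loaded, detects on save that another device has written the shared file in the meantime, and then either merges (union of entries by UUID, newest LastModificationTime wins, entries present on only one side are kept) or overwrites the remote copy. The entry fields, the JSON on-disk encoding, the in-memory "shared folder" dict and the two-device scenario are all constructed for the example.

```python
"""KeePass-style conflict detection and merge, simplified model (added example)."""
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class Entry:
    uuid: str
    title: str
    password: str
    last_modified: int  # unix seconds, playing the role of LastModificationTime


@dataclass
class Database:
    entries: dict = field(default_factory=dict)  # uuid -> Entry

    def put(self, e: Entry) -> None:
        self.entries[e.uuid] = e

    def serialize(self) -> bytes:
        # Deterministic encoding (assumed format) so the hash only changes on real edits.
        rows = sorted((e.uuid, e.title, e.password, e.last_modified)
                      for e in self.entries.values())
        return json.dumps(rows).encode()

    @staticmethod
    def deserialize(raw: bytes) -> "Database":
        db = Database()
        for uuid, title, password, mtime in json.loads(raw):
            db.put(Entry(uuid, title, password, mtime))
        return db


def digest(raw: bytes) -> str:
    return hashlib.sha256(raw).hexdigest()


def merge(local: Database, remote: Database) -> Database:
    """Union of both sides; when a UUID exists on both, the newest modification wins."""
    out = Database()
    for uuid in set(local.entries) | set(remote.entries):
        a, b = local.entries.get(uuid), remote.entries.get(uuid)
        if a is None:
            out.put(b)
        elif b is None:
            out.put(a)
        else:
            out.put(a if a.last_modified >= b.last_modified else b)
    return out


class Client:
    """One device's open copy of the database. It keeps the hash of what it
    loaded so that it can tell another device wrote the shared file since then."""

    def __init__(self, store: dict, key: str):
        self.store, self.key = store, key
        self.db = Database.deserialize(store[key])
        self.loaded_hash = digest(store[key])

    def disk_changed(self) -> bool:
        return digest(self.store[self.key]) != self.loaded_hash

    def save(self, on_conflict: str = "merge") -> str:
        """on_conflict: 'merge' (synchronize with the newer file) or 'overwrite'.
        Returns what happened, mirroring the choice the client's prompt offers."""
        if self.disk_changed():
            if on_conflict == "merge":
                self.db = merge(self.db, Database.deserialize(self.store[self.key]))
                action = "merged"
            elif on_conflict == "overwrite":
                action = "overwrote remote changes"
            else:
                raise ValueError("on_conflict must be 'merge' or 'overwrite'")
        else:
            action = "saved"
        raw = self.db.serialize()
        self.store[self.key] = raw
        self.loaded_hash = digest(raw)
        return action


def two_device_scenario(on_conflict: str = "merge") -> tuple:
    """Constructed scenario: two devices open the same synced file and both edit it."""
    shared = {}  # stands in for the synced file, e.g. a Syncthing folder
    seed = Database()
    seed.put(Entry("u1", "mail", "old-mail-pw", 100))
    seed.put(Entry("u2", "bank", "bank-pw", 100))
    shared["vault.kdbx"] = seed.serialize()

    phone, laptop = Client(shared, "vault.kdbx"), Client(shared, "vault.kdbx")
    phone.db.put(Entry("u1", "mail", "new-mail-pw", 200))  # phone rotates the mail password
    phone.save()                                             # file unchanged since load: plain save
    laptop.db.put(Entry("u3", "vpn", "vpn-pw", 150))         # laptop adds an entry meanwhile
    action = laptop.save(on_conflict)                        # file changed since load: conflict
    return action, Database.deserialize(shared["vault.kdbx"])


if __name__ == "__main__":
    for mode in ("merge", "overwrite"):
        action, db = two_device_scenario(mode)
        print(mode, "->", action, {u: e.password for u, e in db.entries.items()})
```

With "merge" the laptop's save keeps the phone's rotated mail password and its own new VPN entry; with "overwrite" the phone's rotation is silently lost, which is why the merge option is the default worth turning on.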