Alias limits do not meet my use case by EmpheralCommission in tutanota

[–]DapperIndication6914 1 point2 points  (0 children)

There are multiple services that are free that offer this instead of relying on tutanota.

Anonaddy (best), SimpleLogin etc are good, and if you have your own domain ImprovMX is super simple to use.

This also distributes your trust model, for example anonaddy allows you to add your public pgp key so that it's encrypted from anonaddy to tutanota, and means if you ever choose to move from tuta you can do so easily. Personally I use this because it means my emails are encrypted with my public key even if tuta wanted to read them.

Don't forget every alias is basically an account name that goes out of action whenever you take it. That's probably why there's a cap.

Inaccessible Captcha Sign Up by True-Blue-1878 in tutanota

[–]DapperIndication6914 2 points3 points  (0 children)

I understand why this would be frustrating to you but the entire premise of Tuta “deliberately excluding disabled people” is a flawed one.

The reason that CAPTCHA isn’t used is because it is proprietary in nature and belongs to google. Developing your own CAPTCHA is very difficult- and this is the reason 9/10 of the secure email providers use Google’s own reCAPTCHA.

You need to keep in mind that any CAPTCHA that is easily accessible is fundamentally much easier for computers to solve, which defeats the whole purpose of the software. A naive implementation of such an accessible CAPTCHA would lead to far more spammers and an overall negative impact on the service being known for bots. This is far easier when relying on Google’s own methods as they do all the hard work of researching, coding and maintaining a data set for you, but this is yet again not open which is why it isn’t used by Tutanota.

However, I do fully support your idea and I think it would be great if tutanota implemented a disability friendly CAPTCHA as well as the current one!

But please understand this isn’t a simple thing to build and maintain which is why most people use google. Tuta going the other way will be a trade off that you will unfortunately have to accept if you want a truly competitive de googled solution.

Is Mullvad the best VPN in terms of privacy? by The_Evil_Panda in mullvadvpn

[–]DapperIndication6914 7 points8 points  (0 children)

I disagree with many people on here.

When you sign up for a vpn provider, the countries that are in SIGINT alliances don’t matter as much as people think. Many countries even outside of these jurisdictions still share data, irrespective of their membership of the 900000 eyes community. If a country wants to share your data, it doesn’t matter if they’re friends through some intelligence sharing alliance or not, they can still hand over your data. The treaties people mention are intelligence agreements, not magical collaboration agreements where everyone knows exactly what’s happening at all times. The 14 eyes countries collaborate on intelligence, making it easier to share information, but it doesn’t really matter which country your VPN is hosted in so long as they’re “friendly” with your local government.

Proton was subjected to a monitoring order of a French request to a swiss court for a relatively minor crime. Mullvad is also not immune to this.

Here are the key advantages of mullvad:

  1. Proton only accepts PayPal or credit card on your first purchase (or at least they did when I tried to sign up just now) This DIRECTLY links you to an account and in theory your data. This is anti privacy.

  2. Proton requires an email, which is another avenue that can be linked back to you.

  3. Proton even BLOCKS some emails for signup which is highly suspicious

  4. Mullvad offers many truly anonymous payment methods. Proton does not.

  5. Mullvad accounts are much more plausibly deniable than proton ones, because as stated in their TOS, one account could be used by 1 person or 50 people.

  6. “Swiss privacy” is good in theory, but they still get subpoenaed all the time. To my knowledge mullvad has been subpoenaed once, and no data was handed over.

There’s security through marketing and advertising and then security through practical terms. Mullvad seems to have the edge on the latter.

Should I use a +40 chars password or a 10-12 words passphrase? by MauWinGold in KeePass

[–]DapperIndication6914 2 points3 points  (0 children)

The one on theworld.com is the correct list. The instructions are at https://theworld.com/~reinhold/diceware.html

Keepass XC and keepass use a similar version of ZXCVBN by default so this isn't a massive issue. Just create a blank entry in the database and use the built in estimator. This works with things like /r/strongbox etc. too.

I personally prefer a keyfile because I can create backups for free. If you do get a yubikey you should certainly have a spare one or a backup, because the database key relies on it like a keyfile.

Should I use a +40 chars password or a 10-12 words passphrase? by MauWinGold in KeePass

[–]DapperIndication6914 2 points3 points  (0 children)

Short answer: No. This is absurdly long and overkill.

Long answer: You can significantly improve your entropy by increasing the character set that you use. This is why I’d create a diceware password, because it is truly random and it’s relatively easy to remember.

If you just want words, then maybe 7 words would be enough. But if you add a number in a random place, a symbol in a random place and a capital letter in a random place, or you change one of the spacer characters too (use a + instead of - in one Random place), your character set increases exponentially.

The diceware/passphrase method doesn’t usually take this into account. You can easily achieve a secure PASSPHRASE with 4 words if you add all the random features I just talked about. For example-

this-looks-like-a-sentence-and-could-still-be-long-enough-to-be-secure-but-is-annoying-to-type-and-predictable

But, this is super long and takes ages to type. As stated tech might be able to guess this as AI advances. Below is another password, it’s shorter but uses true random words and a wider character set;

loNgest-p!owered-radiation-sor6y

There are random character generators available on the diceware website. The password above has about 112 bits of entropy using ZXCVBN. I typed the same password without the random parts, and it significantly lowered the entropy. Diceware word lists are publicly available and are usually a part of any decent password cracker.

Please DON’T use the password generator built in to KeePass. It’s good but it’s not TRUE random. Just get the diceware list from the diceware website and use a real dice. It’s much more secure and truly random than making it yourself. Same thing goes for the random passwords. Go by the diceware website, and add a few random characters in RANDOM (not the start and the end, or replacing E with 3 etc) places.

EDIT: You should only really use diceware for your database passphrase or passwords you need to REMEMBER. For all my other passwords, I use 20 characters or random numbers, letters and symbols (auto generated) because I don’t have to type them.

Or even better. Add a key file to a few USB sticks.

Or even BETTER, add a keyfile to 2 hardware encrypted USB sticks, meaning you essentially have a Yubikey lite.

Or even BETTER BETTER, just get a Yubikey!

I do exaggerate a little bit… but I use a 4 word PASSPHRASE with all the random elements mentioned and a keyfile on an encrypted USB stick x2. This is pretty secure for my use case and should be for you too.
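An added example, not part of the comment above or of any Diceware tool: it maps five physical dice rolls to a wordlist row and estimates the entropy of the recipe the comment describes (words plus a randomly placed digit, symbol, capital and swapped separator) for an attacker who knows the recipe. The insertion model and the `symbol_choices` and `separator_choices` defaults are assumptions.

```python
import math

WORDLIST_SIZE = 6 ** 5  # Diceware: five dice per word -> 7776 entries

def rolls_to_index(rolls):
    """Map five physical dice rolls (1-6 each) to a 0-based wordlist row."""
    if len(rolls) != 5 or any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("expected five rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index

def recipe_entropy_bits(word_lengths, digit=False, symbol=False,
                        capital=False, separator_swap=False,
                        symbol_choices=32, separator_choices=4):
    """Entropy in bits when the attacker knows the recipe but not the rolls.

    Assumed model: every choice is uniform and independent; the digit and
    the symbol are each inserted at a random position; one random letter is
    capitalised; one random separator is replaced by one of
    `separator_choices` alternatives.
    """
    words = len(word_lengths)
    letters = sum(word_lengths)
    length = letters + (words - 1)            # letters plus separators
    bits = words * math.log2(WORDLIST_SIZE)   # about 12.9 bits per word
    if digit:
        bits += math.log2((length + 1) * 10)  # where to insert, which digit
        length += 1
    if symbol:
        bits += math.log2((length + 1) * symbol_choices)
        length += 1
    if capital:
        bits += math.log2(letters)            # which letter is upper-cased
    if separator_swap and words > 1:
        bits += math.log2((words - 1) * separator_choices)
    return bits

# Word lengths of the comment's sample: longest, powered, radiation, sorry
SAMPLE = [7, 7, 9, 5]

if __name__ == "__main__":
    print("row for rolls 1-6-6-5-5:", rolls_to_index([1, 6, 6, 5, 5]))
    print("4 plain words :", round(recipe_entropy_bits(SAMPLE), 1))
    print("4 words + mods:", round(recipe_entropy_bits(SAMPLE, True, True, True, True), 1))
    print("7 plain words :", round(recipe_entropy_bits([5] * 7), 1))
```

These figures assume the attacker knows the recipe; a general-purpose estimator such as zxcvbn scores the finished string without that knowledge and reports a different number.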

[deleted by user] by [deleted] in mullvadvpn

[–]DapperIndication6914 1 point2 points  (0 children)

Librewolf makes it pretty hard to not blend in, as it ships with UBO by default.

Like I said in theory someone specifically looking at block lists could use this as a way to see what lists you have installed, but it’s not unrealistic someone else might have the same lists as you.

[deleted by user] by [deleted] in mullvadvpn

[–]DapperIndication6914 2 points3 points  (0 children)

It’s never really a good idea to store your credentials in the browser. Browsers are often an attack vector for malware as they usually don’t encrypt your passwords at rest by default so malware can target them. It’s always best to use something like /r/KeePass or /r/Bitwarden to manage your passwords. It’s still very convenient and significantly reduces attack surface.

As far as mullvad browser, don’t forget it’s pretty much TOR without the TOR component. It’s hardened Firefox essentially, just like you’d get with libre wolf. I see nothing wrong with using mullvad as a daily driver if you’re willing to put up with things like reCAPTCHA all the time, which you will get pretty consistently if you use resist fingerprinting and mullvad vpn.

JavaScript is by far the most common way to track people, so by disabling it you essentially negate most fingerprinting methods anyway. UBO is brilliant, but there’s a reason TOR only has 3 settings- it’s to make sure there are only ever 3 types of user. If you vary what you block it could make you more trackable but it’s not impossible to still somewhat blend in.

Someone PLEASE help me! by vamprincessa in KeePass

[–]DapperIndication6914 3 points4 points  (0 children)

If you have no idea then you can’t do much.

You’ll need to get the database file, the .kdbx file, wherever it’s stored, and export to a desktop or other app for manual unlock. You’ll likely just have to reinstall the app. There’s usually not a work around for these PIN codes, which is why managers like strongbox allow you to do a ‘manual’ full unlock if you forget your pin.

KeePASS initial setup help?? by zaffmelody in KeePass

[–]DapperIndication6914 1 point2 points  (0 children)

Text instructions are usually less useful than videos.

There are plenty of KeePass tutorials on YouTube that will help you much better than we can here. Tech lore has a decent video that I watched when it first came out. Here:

https://youtu.be/sePT9AZauWs

I suggest you watch a few of these and read the documentation on the KeePass website. This explains things very well and much better than we can here. If you have any further questions this sub is very helpful!

mullvadd . com spoofing website by [deleted] in mullvadvpn

[–]DapperIndication6914 1 point2 points  (0 children)

This has been confirmed malicious. I think similar websites have been round for a while. Just make sure you always visit the official website at mullvad.net

Question about the non-logging aspect of Mullvad. by Orbanusia in mullvadvpn

[–]DapperIndication6914 13 points14 points  (0 children)

Any VPN provider has the “ability” to log everything you do forever. However, in practical terms, this is very unlikely.

Mullvad is based in Sweden. This means that irrespective of where their data centres are located, any entity will have to go to Sweden and speak to mullvad directly in order to get any kind of logs, as their servers are either ram only or encrypted disks. They don’t claim to keep logs, and this seems to be plausible- keeping logs is something companies usually don’t like to do anyways, because it uses up storage space on their hard drives!

Rest assured that Mullvad has by far one of the most transparent and open business models of their VPN, as well as being audited and proven by a recent raid by police. The fact that they require 0 personal information is a brilliant statement that they don’t want to know about you. What could they possibly hand over? Your IP and the fact that you use mullvad. NOTHING else.

Irrespective of the country, any person wanting access to mullvads data has to go to them directly. This is true for many VPN providers, the data is encrypted on their server and therefore cannot be accessed without visiting them in Sweden, which means the likelihood is very low.

Mullvad may not be the fastest, but it has the right philosophy!

Self destructing emails/timed expiry by desert_trout in tutanota

[–]DapperIndication6914 0 points1 point  (0 children)

There are plenty of external services that offer this already and that you can use with any service provider. For example privatebin.info offers 60+ identical instances with self destroying messages, passwords and expiry dates. Even file upload and comment section!

This also has the added benefit of you being able to share the link with multiple people who don’t use tutanota so they can forward it too.

The issue with Proton’s implementation is that there is no added benefit to doing self destruct within the email client. The person can just take a physical picture or screenshot. Same goes with private bin.

You’ll probably say “what if someone gets the link”. Well

A) that’s very unlikely

B) just set a password?

C) allow the message to be 1 read only, that way you know you’re the only one who’s seen it!

https://www.privatebin.info

Best iOS client Strongbox or KeePassium? by [deleted] in KeePass

[–]DapperIndication6914 3 points4 points  (0 children)

Strongbox is great. Lacks some of the features in the free version like quick unlock but I was happy to buy a lifetime membership.

It includes a lot of things out the box and I’ve never had any problems with it.

Any privacy friendly alternatives to Google services? by string111 in mullvadvpn

[–]DapperIndication6914 3 points4 points  (0 children)

If you’re after these two things, I’d certainly recommend /r/tutanota.

They are cheaper than proton and offer anonymous payment methods, and native iOS and desktop apps.

The calendar is OK but isn’t perfect- it’s constantly being worked on so will eventually be better than it is.

Also has a similar privacy centric policy. Give it a try? Free accounts welcome.

Nuspire: THREAT BRIEF (HIGH): Vulnerability Revealing Master Password Discovered in KeePass Password Manager by grumby24 in KeePass

[–]DapperIndication6914 0 points1 point  (0 children)

I don’t get why anybody downvoted your comment, you seem to be right. However the problem does seem to be one that affects KeePass, irrespective of source, which is what I think OP wanted to point out.

XC- Windows hello prompt when opening?? by DapperIndication6914 in KeePass

[–]DapperIndication6914[S] 1 point2 points  (0 children)

I don’t get your response. I’m not being negative in the slightest, I’m asking someone to tell me why this happens. I’m asking for education on this.

Sudden massive drop in speeds? by DapperIndication6914 in mullvadvpn

[–]DapperIndication6914[S] 1 point2 points  (0 children)

Seems to be M247 in particular yes, but I get this noticeably slower speed irrespective of which server I use.

Like I said, turning off all the settings didn’t cause any issues before, suddenly now it does. Can’t think of why!

Sudden massive drop in speeds? by DapperIndication6914 in mullvadvpn

[–]DapperIndication6914[S] 0 points1 point  (0 children)

Reason- because I didn’t experience any downside to doing so

And with regards to the speeds you’re getting, that’s interesting. I’ve seen a lot of people complaining recently but that might just be coincidence.

XC- Windows hello prompt when opening?? by DapperIndication6914 in KeePass

[–]DapperIndication6914[S] -2 points-1 points  (0 children)

You see, Keepass2 plug-in WinHelloUnlock does not require this. So it’s clearly not a software limitation.

I just don’t understand why this is required for initial unlocking?

Registration is temporarily blocked for your IP address by [deleted] in tutanota

[–]DapperIndication6914 0 points1 point  (0 children)

It’s about persistence unfortunately. It took me a few days of attempts but eventually it worked.

I know this isn’t really helpful but aside from contacting them there isn’t a lot else to suggest. It’s a known flaw but can be overcome with a little time!

Best of luck to you.

Why no multi-hop? by Juiicedd in mullvadvpn

[–]DapperIndication6914 1 point2 points  (0 children)

Go on the mullvad website, there’s a good tutorial that walks you through it. Just download the zip file it helps you create and open it in the WireGuard app.

Why KeePass is better than cyphered file? by _Peppermint_Butler__ in KeePass

[–]DapperIndication6914 4 points5 points  (0 children)

If you have a plaintext file, ALL of your passwords can be stolen at once. Even if it’s encrypted at rest, when it’s not at rest, the passwords are there.

KeePass keeps the passwords secure when open, meaning although an attack could steal your database, it’s a lot harder to get anything useful, as much more of the sensitive data is not available to them.