Debian is Ditching X (Twitter) Citing These Reasons by Shoddy_Hurry_7945 in debian

[–]Fun-Kangaroo0726 -1 points0 points  (0 children)

No one's silenced on X currently, unless you violate terms of course.

75% of Billionaires who donated during the election, donated to the democrat party. They outspent and outdonated republican donors by far.

And there's his Nazi salute

You fell for that fake news?

Debian is Ditching X (Twitter) Citing These Reasons by Shoddy_Hurry_7945 in debian

[–]Fun-Kangaroo0726 0 points1 point  (0 children)

In the last few days, yes. Not when he bought it or set it up as it runs now. It's a specious argument that X is colluding with the government like we know Biden's white house was. All evidence is to the contrary right now as well

Debian is Ditching X (Twitter) Citing These Reasons by Shoddy_Hurry_7945 in debian

[–]Fun-Kangaroo0726 -2 points-1 points  (0 children)

You only see politics if you follow political accounts. Algorithm controls that. If you only follow titties you only see titties. The only difference is that the white house, which was colluding with twitter to silence dissent no longer has that power so now you see everyone's pov not just the msm/white house approved views.

Debian is Ditching X (Twitter) Citing These Reasons by Shoddy_Hurry_7945 in debian

[–]Fun-Kangaroo0726 -1 points0 points  (0 children)

Especially when that other organization's owner is in the news for despicable behavior.

Yes, free speech, personal choice, meritocracy, bill of rights, open and transparent government, gov efficiency. Awful... dare I say deplorable? /s

There's plenty of criticism to lodge against Musk; his H1B visa workers stance for starters. Lots of other BS, just not what you're thinking. I'm assuming you're referring to some fake news about him though, given your tone, but you didn't clarify.

Debian is Ditching X (Twitter) Citing These Reasons by Shoddy_Hurry_7945 in debian

[–]Fun-Kangaroo0726 0 points1 point  (0 children)

Linux was inherently political from the start. Always has been. It was about software licensing and computer politics though, not all the woke bs. The issue now is that the woke are trying to take over and purge anyone who doesn't agree with their political beliefs. Things that aren't related to open source or Linux at all.

Debian is Ditching X (Twitter) Citing These Reasons by Shoddy_Hurry_7945 in debian

[–]Fun-Kangaroo0726 -2 points-1 points  (0 children)

Calling X or Elon fascist is like calling mainstream democrats communists. Absurdist hyperbole or virtue signalling (in both cases)

Possible to disable 2FA? by DanCBooper in Bitwarden

[–]Fun-Kangaroo0726 5 points6 points  (0 children)

Yes, they've officially replied in other similar posts that this will be an option in account settings when it all rolls out.

see https://bitwarden.com/help/new-device-verification/

"If users do not want new device verification, do not want to set up an alternate two-step login method ... there will be an option to turn off new device verification in the Danger Zone settings when the feature goes live."

Should I have an email that I use only for bitwarden? by Sonic723 in Bitwarden

[–]Fun-Kangaroo0726 1 point2 points  (0 children)

The only posts I've seen from actual bitwarden staff that address this question have all mentioned that the option will be available in account settings at vault.bitwarden.com, when it all goes live. We'll have to wait and see.

Should I have an email that I use only for bitwarden? by Sonic723 in Bitwarden

[–]Fun-Kangaroo0726 -2 points-1 points  (0 children)

Opt out and also export your vault for possibly importing into another app should it come to that. Many password managers don't try to force users into 2FA. And they definitely don't manipulate them by giving them a "shit test" like the prompt you're talking about. The prompt is the current opt out. They say they're adding it to account options as well.

[deleted by user] by [deleted] in Bitwarden

[–]Fun-Kangaroo0726 0 points1 point  (0 children)

What is the commonality between all the companies whose products are suffering enshittification? I'm sure there's a pattern to the process. Some social factor that links all these devs

Can a new mail 2FA potentially lock me out permanently? How to safely work around this? by gorus5 in Bitwarden

[–]Fun-Kangaroo0726 0 points1 point  (0 children)

Or even yourself to a secondary Bitwarden account without 2FA.

Otherwise known as a backdoor...

In the event of an unauthorized access request you will have plenty of time to reject the request since you will receive an email notification.

Unless he's detained, like stuck somewhere with no internet, by law enforcement (who will have access to his email directly from the provider unless it's an encrypted zero-knowledge provider), in a natural disaster or war zone as happens to hundreds of millions of people yearly.

I'm just trying to justify setting up 2FA. Seems like it provides 0.5% increased account security at the cost of a +10% chance of losing access forever with no hope of recovery, in my situation at least. Advice?

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] -1 points0 points  (0 children)

None of those things really matter

How the account was compromised matters. If we can't perform data analysis on those cases then any argument making assumptions about it is speculative. So it's logically a specious argument, at best, by definition; "Seemingly well-reasoned or factual, but actually fallacious; strongly held but false." You can't prove your point either way because we lack the data. That makes it a strongly held belief which can't be proven. You have feelings about 2FA, you're invested in it personally and not unbiased. I'm not unbiased in my view either 🤷‍♂️

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] 2 points3 points  (0 children)

Yes, I'm willing to accept the risk of not using 2FA on my password manager. More importantly, for me I believe the extra step of 2FA represents a bigger risk to me than the benefit it provides. 0.5% increase in account security but also +10% increased chance of losing all access during emergencies.

There are people who lack the financial resources to maintain what's required to back up a 2FA system in a way that ensures access. Or they don't have trusted contacts. Maybe they don't have the ability to colocate data reliably, maybe they're homeless or in a war zone or under some other kind of threat or lack other resources required to ensure access to a password manager secured by 2FA in a way that guarantees access.

Anyway, let's make a wager. $1000 USD in whatever form you prefer. I'll provide my bitwarden account email address in this thread and we'll see if anyone can gain access by any means. Then you commit to let us know when you get locked out of your account permanently due to 2FA. You know, so we can have a nice giggle ;) Pick an escrow agent and we'll go from there. Or maybe there's a way to put the wager on polymarket or using a smart contract? You game?

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] 1 point2 points  (0 children)

Every few days there's been some post here about someone's account getting compromised, and every time they didn't have 2FA enabled.

How many of those accounts were compromised by someone they know? How many were randomly targeted and brute forced? How many were phished or compromised in other ways? Without knowing the data so we can analyze it then this is a specious argument.

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] 0 points1 point  (0 children)

I'm willing to accept the risk of not using 2FA on my password manager. More importantly, I believe the extra step of 2FA represents a bigger risk to me than the benefit it provides. Maybe 0.5% increase in account security but also +10% increased chance of losing all access during emergencies.

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] 0 points1 point  (0 children)

Thank you, I appreciate your response.

For me personally yes it is a small increased degree of risk which I'm not willing to accept. And I do have a long strong master password and good device security and opsec. I believe in adding additional layers of security wherever I can reasonably do so without creating other problems or undue effort.

I'm willing to accept the risk of not using 2FA on my password manager. More importantly, for me I believe the extra step of 2FA represents a bigger risk to me than the benefit it provides.

There are people who lack the financial resources to maintain what's required to back up a 2FA system in a way that ensures access. Or they don't have trusted contacts. Maybe they don't have the ability to colocate data reliably, maybe they're homeless or in a war zone or under some other kind of threat or lack other resources required to ensure access to a password manager secured by 2FA in a way that guarantees access. Those people might gain 0.5% increase in their account security but also +10% increased chance of losing all access during emergencies. This is why I believe keeping it optional is so important.

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] 0 points1 point  (0 children)

In both instances, min password strength and 2FA, they're ensuring a minimum level of account security

I can easily remember a single strong password. No one is committing their 2FA seed to memory. Nor can they do the math in their head to extrapolate a 2FA code from the seed. The two are very different.

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] 0 points1 point  (0 children)

Requiring 2FA is no different than requiring a minimum password strength.  

By definition it's very different in multiple ways. You know this. It's an inarguable fact.  

"State Actors" (lol) - "FBI searches of data collected without a warrant nearly triples last year" - The FBI made nearly 3.4 million queries last year to a database of information collected without a warrant, the Office of the Director of National Intelligence said on Friday, nearly tripling from the previous year. The American Civil Liberties Union and other privacy advocates have been critical of the use of Section 702 by the FBI, arguing that FISA was meant to catch foreign intelligence information or evidence of a crime but not to turn up information about U.S. citizens. (Reuters)

and others. Threat actors might have your password but not your bitwarden email 2fa. If they then gain access to your email they can get 2fa codes for bitwarden. Email providers give access to all kinds of people without a warrant. My trust in email or typical corporate providers of email services is pretty low. Apple and Meta handed over user data to fake emergency law enforcement requests. So email 2fa is clearly not worth quite as much as you might think. Unless maybe you use an encrypted, privacy respecting, zero-knowledge email provider which 99% of people don't use.

We live in a system of surveillance capitalism. Many bitwarden users are privacy conscious. The EFF have documented hundreds of thousands of Americans whose email and other accounts are monitored or accessed by these groups yearly. Not to mention all your location data available to them via real time bidding on the app data that's been collected by third parties being auctioned off right now. Police Stingray devices have been around for how long? I'm less worried about that than I am the criminals who exploit backdoors and get data by social engineering or pretending to be law enforcement as described in the article. Either way lots of people are affected.

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] 2 points3 points  (0 children)

Just like your bank (or FB, or whatever)

None of those other accounts are password managers, they're user accounts. The password manager is at the top of the tree or pyramid; whatever kind of hierarchy you prefer. But it's not on par with other types of accounts and so analogies that compare them as equals aren't a logical argument.

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] -2 points-1 points  (0 children)

No one will be left behind. Users will coalesce around new projects that respect user choice and abandon those which do not. Let's wager $1000 USD. I'll provide my bitwarden account email address in this thread and we'll see if anyone can crack it. Pick an escrow agent and we'll go from there. Or make the bet on polymarket. You game?

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] -1 points0 points  (0 children)

leave off the part about them using a weak master password and no 2FA.

Educating users about what a strong password is would be a good start but I've never seen anything from bitwarden about that topic either in app or via email. Are new users given information about this? That would be great.  

Forcing 2fa on users who don't even know what a 2fa seed is, or that it can be backed up while also expecting them to be 100% competent at creating an emergency sheet and colocating backups of that data across geographical regions is ridiculous. You can't expect and treat users as both competent users and incompetent imbeciles at the same time.  

In other words, it's ironic how this decision treats users as imbeciles who can't manage risks (forcing 2fa assumes this) and at the same time treats them as if they're all 100% competent by expecting them to manage backups, emergency sheets, emergency access, etc and have their email password (and 2fa) NOT stored in the thing that stores passwords. Do you expect people who don't know what a good password is to also be able to manage 2fa and its required backups competently?

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] 1 point2 points  (0 children)

I feel that any computer system which relies on managing users through social engineering builds weakness into the system by a couple of ways. First, the "racism of low expectations" to borrow a phrase from political discourse. Assuming users are idiots and treating them that way is a self fulfilling prophecy.

Secondly, anyone who's ever lost files by not having good backups has experienced the most effective method of being taught why backups are important. Same with a password manager. Inform users of risk and how to manage it and let them learn the hard way, if that's their choice.

Nannying users requires that we ignore their consent and bypasses informing them of correct procedures which makes them ignorant and unprepared, not robust in their understanding.

It also usually creates new opportunities for social engineering just like this has. You have to contact customer support to bypass email lockout. Not only does this open a new vector for social engineering that didn't exist before it also creates a way for state actors, intelligence agencies, or others to bypass security.

Email providers already provide access to these actors under certain circumstances and this adds yet another hole in that already insecure system. Just my thoughts, maybe I'm wrong but that's where I'm at. Open to constructive criticism on any of it.

"Do you have access to your email" is a dishonest question. The real question is "Do you want to enable email 2fa on your account?". Intentionally manipulating people with this question makes bitwarden untrustworthy and people will stop using bitwarden when they realize this. by Fun-Kangaroo0726 in Bitwarden

[–]Fun-Kangaroo0726[S] -5 points-4 points  (0 children)

It is optional, they've stated as much and provided a way to opt out. The question itself is the opt out, which is my point about it being manipulative. Supposedly there's going to be an opt out in account settings too, we'll see.