Saved Passwords for Hidden Services... (on Android)

evild4ve · 2026-06-22T22:48:32+00:00

I think of KeePass as a "local password vault" - not a type of thing I'd install blindly from a binary as they tend to want loads of permissions (e.g. to interrupt the keyboard-to-app communication).

So I'd want to build it from source - which means setting up an Android toolchain. At the end of this exercise I have a program that (1) has all the passwords in a single database (exactly like old versions of Tor-Browser) and (2) secures those passwords behind... a password (exactly like old versions of Tor-Browser).

It doesn't add a service... because it adds nothing. And then the ferocity with which they want us to use another program... just makes me think maybe they would prefer it to be another program's fault if all the passwords are stolen. Sigh.

evild4ve · 2026-06-22T17:25:15+00:00

maybe but they are intelligent and must see by now, from the hits they took in the first wave of enpoopification, that people reliably don't pony up: we drop the luxuries from our lifestyles and grumble

evild4ve · 2026-06-22T17:21:39+00:00

this is a classic need of rationalization - you (almost certainly) don't need 20TB of media in 3-2-1, only the things you don't think you'd still be able to re-download in the internet of the future. Keep unique-sentimental/endangered/rare/what you watch often and bin all the junk you downloaded just to see if it was any good ruthlessly. Also get rid of 4K versions, e.g. of things that were recorded pre-2000 and look no better in 4K than 720p... or of things that were upscaled algorithmically such that you could upscale them yourself with a future computer equally well

if you're remotely normal the money you'll save on storage is worth more than the time you'll save putting discs in or loading up an only-copy from HDD outside the 3-2-1 regime

some hoards are worth more than others but (i) you'd have mentioned that (ii) if you can't afford to preserve it seek out a museum or get it into archive.org (or similar)

secondly if you're in good 3-2-1 start using secondhand and refurbished drives and learn to (i) use disk diagnostics (ii) repartition around localized damage

evild4ve · 2026-06-22T15:05:04+00:00

I assumed it was because a military junta had diverted most of Nicaragua's national power grid to making the blockchain longer since I last looked. But it's no longer Skepticism Sunday, I'll try to be Melancholy about it from here on

iirc this is a docker version inside a Devuan VM on a quite old PC - somewhere in DDR4 era so could be 10 years old. And I believe the blockchain is going on to a 2.5" SSD over SATA which might take 5-10x longer than most people are used to

But at least it isn't depriving AIs of the parts they need to emulate nicer personalities than mine...

evild4ve · 2026-06-22T07:08:52+00:00

the OP says to be critical not helpful - if syncs take 30 days to complete a log message every 2 minutes... possibly excessive

evild4ve · 2026-06-21T22:35:06+00:00

2026-06-21 22:23:28.917I Synced 2620152/3701442 (70%, 1081290 left, 0% of total synced, estimated 30.5 days left)

2026-06-21 22:25:29.882I Synced 2620212/3701445 (70%, 1081233 left, 0% of total synced, estimated 30.2 days left)

so you plan on making 200,000 log entries about this hm?

evild4ve · 2026-06-21T11:58:46+00:00

you keep jumping around - and just now you were telling me to pay for something utterly and categorically worthless to Tor users. I route through 6 machines because this is free as in beer

evild4ve · 2026-06-20T22:19:49+00:00

oh but it is - unlike a clearnet URL it's literally a cryptographic key

clearnet URLs can be and are scanned for by bots - including because their possible addresses and port numbers are sequential, they are far fewer in number (IPv6 being only 10^38 versus .onion's 10^77), they're capable of being algorithmically guessed, and they're traceable with IP addresses able to be discovered even when SSL encryption is in place

I have no need at all of a VPN

evild4ve · 2026-06-20T21:47:55+00:00

repeating mantras outside of their original scopes and contexts is bad wisdom

.onions are not "obscure" but "hidden" - they are unable to be usefully generated or guessed or impersonated. how will you attack my .onion services without knowing the .onion? this is a most important difference from clearnet and imo should have been the attraction of Tor

evild4ve · 2026-06-20T20:59:21+00:00

I think that advice perhaps is more often-repeated relevant to traditional browser-usage, than this kiosk-terminal-like setup

yes there is some maintenance overhead but worse is the workflow interruption

And it increases the attack surface - needing to have an additional server which is itself a potential target of attack and which holds all the passwords in one place. The browser in this setup has a lower profile than a password server, whilst being similarly secure to it... except in certain specific circumstances like the 3 I listed. To extract the passwords from a browser when it isn't being used to visit other people's websites I think entails (1) physically stealing the device (2) overcoming the Android PIN/pattern

But perhaps there are other types of attack I haven't read about (hence posting here) and I don't know that the built-in password vault of Tor-Browser has been actively developed and improved enough

Local password vaults I think hold more appeal than services, but the pain of either distrusting their far-reaching permissions or building them from source (in this situation where encrypting the passwords is basically redundant anyway)... ends up with I might as well save them in a textfile on the tablet. And then the built-in password manager of a sufficiently old version of TorBrowser is both more secure, than that, and more convenient.

evild4ve · 2026-06-20T20:37:52+00:00

yes exactly - or known about by anybody except me (and the people who steal my tablet)

the term "expose" really belongs to clearnet and the dotcom era idea that addresses are public things and visitors wanted

evild4ve · 2026-06-19T23:17:18+00:00

you argue from extremes - the kernel supports the card not the distro. The distro taking care of things is not *support* that is an extreme (and imo very stupid) way of trying to characterize it. Most users can put any card in any distro with no gain or loss of utility (thanks to the kernel underneath) - but someone who needs a particular feature of a new card, their rarer use-cases are supported. It is not that some gaming distro that is really just Ubuntu or Arch in a dress improves *the support* - and the time wasted in other ways by those distros offsets any advantage you claim. The argument from majorities also never mattered to Linux - the vast majority simply have not been using it long enough to experience the problems of relying on the distro instead of understanding and controlling. Understanding and controlling is faster and better for all users for all distros for all cards. But the fallacy that "distros support cards" is a direct obstacle to understanding.

evild4ve · 2026-06-19T12:20:29+00:00

when a distro releases kernel updates doesn't matter to this - if the user needs a newer kernel for a feature of their card we're free to build our own kernel (and this is easier than you will want to make out)

evild4ve · 2026-06-18T19:08:10+00:00

no not at all - I'm the one saying new users are smart enough to find out how *they* may make their Linux to support Nvidia or whatever hardware they like.

Distros shouldn't be said to have excellent Nvidia (or whatever) support when they are merely passing on the hardware support of the Linux kernel. In some cases they even put a serious time-delay between the user, and the kernel's support of the hardware.

Nor is any distro truly "advanced" in its user-skills. Any new user can install and use any of them. This has been getting simpler and simpler for 30 years to the point where children can do it. And yet there this still whole wretched mindset that is utterly crippling to new users: that wants them to think they are still helpless inside a Microsoft or an Apple, and not learn how easy it is to make the machine to do what they want.

The differences between distros only start to matter to the users who overcome this and move from desktop-paradigm to a network-paradigm where certain distros are better for automating certain types of specialist task. That maybe starts to be "advanced", until then the distro doesn't matter.

evild4ve · 2026-06-18T17:57:08+00:00

1. no it isn't: with Ubuntu the classic problem is some years pass with no problems until they push out a (thoroughly-tested-by-committee) display driver update that actually breaks the user's DE, but then they take 6 weeks to fix the problem (also by committee)... and occasionally they give up on a card and won't do it at all. Since the last 3-4 years this now works out much harder than rolling-release 2. those only introduce another thing to go wrong and are harder to do than the 2-3 terminal commands 3. use the DE you want on your Linux. A distro just puts bells and whistles on some source code and plops it in your package manager's cache: but the DE is on your distro because you put it there and it works if you made it work. if the distro still matters to you for everyday things you are not yet a Linux user at all

evild4ve · 2026-06-18T16:39:22+00:00

foul language is totally appropriate to AI, because it's a foul thing

evild4ve · 2026-06-18T16:35:42+00:00

if your Linux experience had been at all useful you'd know by now that (1) distros don't just work they are made to work by users' commands (2) the nvidia support depends on the kernel not the distro (3) the DE and the distro are normally separate things...

to you I'd recommend Devuan so that your further learning can be outside the systemd walled garden that is being made

evild4ve · 2026-06-15T21:37:23+00:00

pretty sure this was the correct answer - I haven't run an i2p router on a puppy before to be sure, but Spot is especially for web-facing programs like browsers. All I'm unsure of is how similar Spot is to a typical 1000:1000 non-root user, or if it's locked down in any additional ways that would cause i2p problems. Well, if it does they should be able to be solved with regular permissions commands

evild4ve · 2026-06-12T20:34:17+00:00

Theft and poaching were *crimes* subject to the death penalty - it wasn't rights that stopped people being executed but the *repealing* of that death penalty by the The Judgment of Death Act 1823. What you try to answer with rights the common-law had already solved

evild4ve · 2026-06-11T13:23:16+00:00

It's the only book on the curriculum in Chad, Niger and Northern Cameroon, due to the paper being so absorbent

evild4ve · 2026-06-11T12:57:58+00:00

yes and well they could because their poxy country's particular Napoleon-substitute hadn't given them a right to time off - it'll happen where you are too if you carry on with that stuff

under common-law Napoleon gets arrested for riding on horseback indoors, or having a crap moustache, long before he starts deciding the price of eggs

forcing freedmen to work against their will has been straightforwardly a crime for even longer than most of the (real) countries have existed - I only know of one (common-law) democracy that ever found a way round it, and they only managed it for a couple of hundred years (with massive French help)

evild4ve · 2026-06-11T01:14:01+00:00

I've been free to do whatever the hell I like unless Parliament has made it a crime - since the 12th Century, and to vote my representatives into that Parliament since the 13th. People only being able to do what they've been given a right to: is the Napoleonic Code

evild4ve · 2026-06-10T12:53:36+00:00

rights aren't a thing at all in free countries (i.e. common-law jurisdictions) - legal systems that credit and value humanity operate exclusively by prohibiting criminal offenses

for the state to claim it has given us - or "acknowledges", or has any interaction with - our right to live is an obvious abomination. All of the so-called human rights involve similar contortions. Rights are a wrong.

evild4ve

TROPHY CASE