For me it’s the paranoia surrounding webcams. People outright refuse to own one and I understand, until they go on and on about how they’re being spied. Here’s the secret - unplug the damn thing when you think you won’t use it or haven’t used it in a while.
They, whoever it is, can’t really spy on you on something that’s already off and unplugged!
I feel the same way about webcams. I’m paranoid about them too, but you know what’s an easy solution? Buy a desktop monitor without one and then buy a USB webcam.
If you’re on a laptop, then for the camera just tape a piece of paper over it. As for the internal mic, you might be fucked LOL cause I got nothing.
It’s a bit late to worry about internal mics when everyone has their phone on them at all times.
The need for a solution regarding one angle of a problem does not invalidate the need for a solution regarding another.
You can take care of privacy on your personal hardware, but with work issued devices, you can’t.
People who complain about ads on YouTube. I tell them about ads blockers and they always go “Huh, you sure it works? Sounds good, I might try that” and then proceed to forget about it and complain about ads in a few months time…
I just install it for them or tell them to use Brave (don’t down vote me, these people aren’t going out of their way to use firefox and download all the needed extensions)
😤 how dare you make reconsider my absolutist views
People have a fantastically high resistance to change
I’m pretty positive by this point that people love to bitch about ads for the sake of bitching about ads. They bring this onto themselves.
Same goes for them going onto sites without ad blockers. Then when you tell them, it’s either “OHHH THANKS!” or “Uhhhh, I cAn’t” for no reason.
Or people, like my mom, who
arewere relatively educated about technology and don’t want to learn new technologies/tools under the pretense of security (even if the software is foss, like again most adblockers.Edit: Whenever I use a browser without an adblocker, I remember how shitty the web is without them.
My mom built computers in the '90s and '00s, she taught me how to use the command prompt to play my dos games. now she can barely use one. I don’t know what the hell happened.
Well, my mom is a computer engieneer, who had me reflash a phone from work and install libreoffice on her windows laptop (to be fair none of her coworkers could reflash the phone and the second one was probably just lazyness).
I think this happens because people believe that ad blockers are “too good to be true”. That was what I first thought when first getting an ad blocker, that there was going to be some kind of “catch” like slowing down websites, making them less functional or being malicious. But it turns out they actually improve performance, rarely affect functionality and are even recommended by the FBI because they protect against malicious advertising.
I hate the ad blocker argument for youtube. How am i supposed to do that on my tv or my phone?
I mean, don’t you want less ads anyways?
- invidious
- piped
- some TVs have 3rd party specialized versions of the official webapp
The first two have web pages and phone apps. You can find the phone apps on F-droid.
Fun fact: did you know that the youtube app on your TV is just a no-effort web browser with a URL fixed to a web page, which you could even use on your PC?
Can I do any of these on FireTV?
Use smart tube on fire tv and other android tv devices: https://github.com/yuliskov/SmartTube
I literally just use normal Firefox with normal ublock origin on my phone
Awk, sed, and grep.
mind expanding on what these solve?
Awk is a helps you do any kind of processing of semi structured text data.
Sed is a stream editor which lets you edit a file using commands. Which is tedious until you need to replace something in a bunch if files or make very specific edits across a large number of files.
Grep is just find pattern in text file.
You might have a different type of person in mind than other commenters. Most commenters had such people in mind who won’t install a password manager or an ad-blocker, or won’t hard reboot their Windows unless supervised. Having said that, I don’t think that even if you had technical people in mind this fits the question. They tend to take substantial more effort to learn and use effectively than the scope set by the original question. I thought this question was for little things that have a quick, lasting, and substantial effect. Learning awk and sed is a different thing entirely, I think of those more as productivity tools you can invest in mastering, and pay off in the long run.
That assumes you can unplug it. Most devices I own have the camera built right into the device, and it can sometimes be hard to find an option that doesn’t include it. I have a Webcam cover on my desktop and laptop.
I haven’t seen one that would work for my phone, but if someone has hacked my phone, I probably have bigger issues.
That, and most people don’t know how to disable the device from their device manager.
If we’re being paranoid about hackers gaining access to your webcam, why would you assume they couldn’t also reenable your drivers
Fuck the webcam, what about the mic?
Is it a monitor provided by your workplace? If not, well, it’s not that hard to find a monitor without a built-in camera. I found one easily enough for my gaming desktop… Unless the monitor market has dramatically changed since 2019-ish…
Password managers. People will use anything but that: paper, notes app (without any security), using the same password everywhere…
Eh, I don’t trust any 3rd party enough to give them all my passwords and I don’t trust myself enough to secure a server for self hosting a password manager.
I know all my passwords, can’t forget em, no paper or notes, no repeat passwords.
Fucking THANK YOU.
A very good friend of mine doesn’t use any password manager. I’ve often in the past told them why don’t they? They argue that then all their passwords would be gone if they forget that one master password. Okay, I say, how the fuck is having to remember 1 password harder than having to remember 20 passwords?
Any good password manager nowadays also has an account takeover feature if you opt in. Basically your spouse / child / parent can take over your account to recover it for you if you can’t get in.
If you know all your passwords and can’t forget them, I’m assuming your using some sort of pattern to remember them in which case you have a major issue in case of data breaches as your other passwords can be guessed.
Just as a heads up, sometimes the pattern is not that easy for computer to brute force. As an example, my old password contains a birth date but with an alternating shift making them a combination of digit and symbol.
The issue is if you are a) targeted, and b)involved in multiple breaches. If they can get the pattern, they potentially get everything.
Is it worth it? That depends. Are you willing to risk it NOT being worth it to a random guy in Africa earning a few $ a day?
Yeah, a fair point
Keepass. Password database is a local file.
Technically you could use PGP to encrypt a .txt file with all your passwords in it. Which would be more or less the same thing with a lot less polish to it.
Sorry, what is PGP?
PGP is ‘pretty good privacy’; it’s an encryption standard. It’s not the best, but it’s fairly easy to use, and it going to resist decryption pretty well, for most use-cases. The idea is that you have a public key, and a private key. The public key allows messages to be encrypted, while your private key allows decryption.
this is the way
Sorry stupid question, but how do I import my passwords from Proton Pass to KeepassDX?
I looked it up for you; you can export your Proton Pass database as a .csv file and then import it into KeePass. Not sure about KeePassDX but on XC, there’s a csv import option. There’s also a json import option but it says BitWarden for that so I’m not sure if the json Proton Pass exports is in the same structure as KeePassXC expects.
Thanks for the answer! Another question: does saving the data on KeepassDX keep all the passwords and such for me to import to other apps if needed? Or what does the file include?
You can export as csv, html, xml from KeePassXC. Dunno about DX but you can just try it on your desktop if it’s not an option on mobile.
You know I’m looking up all these answers right? I don’t mean to be rude but you can and should just look these up yourself. You can check import and export options by opening keepassxc/keepassdx and checking for yourself
Yeah, you’re right. Sorry, I definitely have a tendency to treat Lemmy as a search engine sometimes. Nonetheless I appreciate you answering me!
Keepassdx is an android app for keepassdx databases with a nice ui. I use it too.
Yes, and personally I use syncthing to sync newest file to all devices when they connect to my home network.
Came to say this exact thing.
FFS I have 100’s of passwords saved in my keepass DB, they are all different.
Passwords will only autofill on the correct site, so look alike sites are captured by that simple bit of security.
I keep telling myself I need to start using a password manager but I’m worried I won’t be able to log into things on my phone or other devices like my work computer when I need to because I don’t know the password. Is that a legitimate worry or is there a solution for this? How do you sync passwords between computer and phone?
I keep trying to convince my parents. Then they say but what if I forget the master password? I say they won’t with a passphrase but they don’t believe me.
Also I don’t have experience with PW managers other than 1Password, Bitwarden and Roboform. I personally didn’t like Bitwarden. I think it’s UI is janky and oldschool. Roboform is so bad I don’t even know where to start complaining. So I keep using 1Password even though the UI has been getting worse but it still works for me because of the good integration into the Apple ecosystem. But it’s rather expensive for managing the 20 something passwords my parents have. I read about breaches on other PWMs sometimes so I don’t really know what to trust and recommend.
Keepassxc works fairly well for me, with a few quirks. Don’t know how it is on apple though.
Show them you can export the passwords and print them. It will help them to make the switch to know they cannot lose everything because it is on paper. It is what helped my parents
Set my family up with Bitwarden. Had them think up good passwords, told them not to tell me, etc. etc. they went and promptly forgot it.
One of these days I’m going to set them up again but this time I’m going to have to save their master passwords on my account.
Wires:
- Ethernet over WiFi for non portable desktops
- Audio gear : wired will sound better. Bluetooth headphones have batteries that almost certainly aren’t repairable.
- Peripherals, in the sane vein. I just don’t get having to charge a keyboard or mouse that sits on my desk all day.
I have Bluetooth earbuds that crack open when they hit a hard surface (have surviveed so far) and the battery is a little Li-Ion pouch on soldered wires. They probably don’t last as long as sealed ones of the same size but it’s very easy to find and install a replacement battery. Just check disassembly guides before buying.
Ethernet over WiFi for non portable desktops
Wi-Fi basically is wireless Ethernet, so I don’t know what “Ethernet over WiFi” is supposed to mean, and I don’t know what problem is being solved nor what solution is being proposed.
Ethernet (hard wire connection) is preferable to WI-FI. Ethernet > WI-FI. It has significantly higher speed and stability.
I see. In networking, X over Y has a specific meaning regarding layers.
Im familiar with RFC-2549 😜
Power over ethernet + ethernet over wifi
== Wireless power transmission!
As easy as hooking your access point’s external antenna connector to your microwave oven’s magnetron.
Electricity police, here’s this fella…
They’re saying “prefer hardwired Ethernet cables rather than wifi”
I agree with everything except a wireless mouse. I have a magnetic usb “nub” that plugs into the mouse so when I need to charge it every couple of weeks it’s as simple as moving the mouse near enough the magnetic cable and it pops into place.
For me, the benefits of a wireless mouse far outweigh the imperceptible-to-me lag from the 2.4ghz dongle 10cm away in clear view. The only downside I can see is the weight of the battery, but I’m not a competitive FPS player so I’m good.
But what are the benefits of a wireless mouse? You don’t have to string the cable from the back of your PC to the mousepad, sure, but that’s something you do once a blue moon (unless you often go to LAN partys (which, in itself, are probably not a thing anymore)). At work, okay, I sometimes get up off my chair and have my company-provided wireless mouse on my leg to keep scrolling while I read through legal documents, but that’s a rare use case, too, no?
I don’t like the feeling of the cable dragging on the desk. Or the cable snagging on the monitor stand, or anything else on the desk.
I also prefer the aesthetics of a wireless mouse. One less cable to manage. The charge cable is tucked away and only comes out every week or so to charge overnight.
Yeah, my keyboard has a cable but my keyboard doesn’t move, and it’s a pretty sexy (and heavy) cable so it’s different than a mouse cable.
As for latency, from what I understand in many cases a wireless mouse can have less latency than some wired mice. So that’s nice too.
I guess the main downside is weight but that has never bothered me. That said, I’m not a competitive fps player, but even so some wireless mice are quite light.
Fair points you’re making there!
I guess it never bothered me enough to have even crossed my mind.
I need to look into the latency thing. From my limited knowledge it makes no sense that a wireless mouse could have better latency than a wired one. Unless the wire is made of something barely conductive to electricity and the wireless works with stupidly fast transmission tech, I guess o.o
Great review of several high end mice, wired and wireless. He found no correlation between wires and latency. Ultimately, he concludes that the most important properties of the mouse are weight and feel.
I like wireless for my laptop, but I’ve never understood the point on my desktop. It’s never going beyond the cable’s length, and the cable has never gotten in the way unless I’m doing extreme motions with a very low sensitivity. And in that case, I am playing competitive fps.
I just hate the dragging of the wire on anything that might be in the way. I go wireless for keyboard and mouse whenever possible.
While I’ve only used one or two types of bluetooth headphones, i’ve never hand any trouble replacing the battery with them. The cups just snap out and then you unplug the lithium cell and plug a new one it, at least in my experience, so that may just have been a thing with the model you got.
I second all of your statements. I don’t care if my Apple TV is on WiFi, but my gaming desktop is most definitely hooked to an Ethernet cable. I also use a wired keyboard and mouse on it, but I’ll admit I have a cheap wireless keyboard and mouse for my work laptop because I didn’t want to deal with another set of cables on the same desk, and I can’t think of a good solution for both machines to share the same keyboard and mouse without having to switch the cables between them all the time.
A USB switch or the more expensive KVM could work.
KVM switch looks like it could work, since I don’t want to switch a USB switch and then still have to switch monitor input. Just need to find one with both an HDMI input and a DP input.
The fuck is “Ethernet over WiFi”. Isn’t ethernet by definition wired? If it’s x over WiFi, isn’t that just WiFi with extra steps?
Edit: I see from other comments they mean “preferable compared to”, not “used atop of”.
Ethernet over WiFi is WiFi. Ethernet is a protocol not the cables and its used with wired networks and WiFi.
Source?
I’ve never heard anything like this.
It appears I either misunderstood or misremembered what I read.
It probably referred to MAC addresses being reused on WiFi. However the frames used are not Ethernet frames.
Ethernet however is not restricted to twisted pair cat cables it’s on fiber and originally was on co-axial.
I think they meant it like “I prefer ethernet more than wifi”
Yeah, I saw that after seeing the other comments. I just didn’t refresh the page to see your comment until after I typed up my edit. Lol, sorry.
Reboot fixes a ton of issues.
And if that doesn’t work check the physical connection by unplugging it and plugging it back in.
Is my client bugging or is this comment empty?
idk have you tried restarting it
Nah, looks about right and empty
“Stuck on boot loop”
Have you tried turning it off and on again?
Have you tried turning it off and on again?
Majority of “webcam” use is in laptops, tablets and phones, grandpa… No “unplug the damn thing” to be found?
They often come equipped with a privacy slider to cover the lens. Or you can just put a sticker on them.
They don’t “often come with” I’d say it’s fairly rare, and especially in the last generation of computers that most have now.
Also, what you mention are all steps above and beyond OP’s direction to “just unplug it” and they come with compromises - I.e. A shutter cover isn’t a HW disconnect, two very different things. And, a sticker isn’t really removable temporarily when you actually do need the camera deliberately. Certain high end laptops have a purported physical HW disconnect toggle or even some “flip around” cameras that are only deployed when needed, but again, few and far between.
Sorry if I was wrong about the prevalence of such protections. My perception may be biased because the notebooks used by our company are all equipped with a switch or shutter of some sort. (HP brand, IIRC) Regarding your second point, however: surely a shutter physically obscuring the camera lens is just as effective as disconnecting the camera when it comes to protecting the user’s privacy?
An ad blocker, on desktop and phone.
It blocks annoying ads and also protects you against malware (malvertisement).
I set up my Pi-Hole years ago and haven’t touched it since. Maybe I should update it.
And please just enable blocking cookies and annoyances in unlock origin. It has filters that can be enabled, and you’ll never see a cookie banner again.
Unplug your inbuilt webcam?
Some laptops now have physical privacy shutters for that - and for those that don’t, you can get one that you can stick on top.
That still leaves the microphone.
The actual sane solution would just be to require indicator leds hardwired to the literal power supply lines of the camera chip/microphone, so they’re physically impossible top turn off while recording.
I call this one forbidden knowledge because I see it so little in public, but I’m sure it’s well known in privacy communities: A password like “I have this really secure password that I type into computers sometimes” is a much stronger and easier to memorize password than “aB69$@m”. It seems more often than not I find networks where the SSID is a better password than the WPA key.
I agree but I think the problem is that some apps/sites have strict password requirements, which usually includes adding upper-case, symbols, numbers, and then limits the length even sometimes…
At my previous bank the password had to be a 5 digit PIN code…
Sketchy indeed. I’ve seen this as well, and the redeeming thing about it is that you’re locked out after 3 unsuccessful login attempts - so no matter how easy bruteforcing would be, there’s a safety catch deal with this.
At one point, Charles Schwab allowed a password of infinite length, but SILENTLY TRUNCATED ALL PASSWORDS TO 8 DIGITS.
This is something I sent a few angry emails about wherever I could find an opportunity.
Which is funny because those strict rules reduce the number of combinations an attacker has to guess from, thereby reducing security.
Provably false. That’s only true if the rules specify some really wacky requirements which I haven’t seen anywhere except in that one game about making a password.
Think about it this way. If you have a password of maximum length two which only accepts lowercase letters, you have 26 choices for the first character & 26 for the next. Each of the 26 characters in the first spot can be combined with any of the 26 characters in the second spot, so 26 * 26 = 676 possible passwords.
By adding uppercase letters (for a total of 52 characters to choose from), you get 52 * 52 = 2704 possible passwords. It increases significantly if you increase the length beyond two or can have more than just upper & lowercase letters.
Computers have gotten so efficient at generating & validating passwords that you can try tens of thousands of passwords in a minute, exhausting every possible two-letter password in seconds starting with
aaand ending withZZ.The only way you would decrease the number of possible passwords is if you specified that the character in a particular spot had to be uppercase, but I’ve never seen a password picker say “your fourth character must be a lowercase letter”.
By adding uppercase letters (for a total of 52 characters to choose from), you get 52 * 52 = 2704 possible passwords.
You don’t add them, you enforce at least one. That eliminates all combinations without upper case letters.
So, without this rule you would indeed have the 52x52 possible passwords, but with it you have (52x52)-(26x26) possible passwords (the second bracket is all combinations of 2 lowercase letters), which is obviously less.
The only way you would decrease the number of possible passwords is if you specified that the character in a particular spot had to be uppercase
Wrong. In your example, for any given try, if you have put a lowercase letter in spot 1, you don’t need to try any lowercase in spot 2.
Any information you give the attacker eliminates possible combinations.
I think I’m confused on your point.
I interpreted your statement to mean “adding a requirement for certain types of characters will decrease the number of possible passwords compared to no requirements at all”, which is false. Even in your example above, with only two letters, no numbers / special characters allowed, requiring a capital letter decreases the possibilities back to the original 676 possible passwords - not less.
Perhaps you’re trying to say that passwords should all require certain complexity, but without broadcasting the password requirements publicly? I suppose that’s a valid point, but I don’t think the tradeoff of time required to make that secure is worth the literal .000001% (I think I did the math right) improvement in security.
Even in your example above, with only two letters, no numbers / special characters allowed, requiring a capital letter decreases the possibilities back to the original 676 possible passwords - not less.
No it doesn’t. It reduces the possibilities to less than the 52x52 possibilities that would exist if you allowed all possible combinations of upper and lower case letters.
You are confused because you only see the two options of enforcing or not allowing certain characters. All characters need to be allowed but none should be enforced. That maximizes the number of possible combinations.
that passwords should all require certain complexity, but without broadcasting the password requirements publicly?
No, because that’s still the same. An attacker can find out the rules by creating accounts and testing.
“correct horse battery staple” remains firm in my memory
xkcd #936. Nice.
Difficulty to remember: You’ve already memorized it
It’s true! And nobody remembers the first panel’s password.
the SSID is a better password than the WPA key
This is an insult I am definitely saving for later
Here’s what I’ve shared with my company.
I agree - I do use passphrases in some critical cases which I don’t want to store in a password manager.
However, I believe passphrases are theoretically more susceptible to sophisticated dictionary type attacks, but you can easily mitigate it by using some less-common 1337speak character replacements.
Highly recommend a password manager though - it’s much easier to remember one or two complex master keyring passwords & the random generated passwords will easily satisfy any application’s complexity requirements.
Yeah that’s basically what I do, I know the passphrase to decrypt my drive, and the one to open Bitwarden and then I basically let that just handle everything else.
Oh and the
sudoone I guess.
I have a webcam that we use when we’re not home for longish periods. It’s unplugged when we’re here. Also, it is connected to my own server, not some corporate cloud crap.
Saving a picture and posting it somewhere.
I see people making screenshots of their whole phone’s screen and posting them just to show a picture. In reality, maybe 90% of the time, if you see a picture on the screen of your phone, you can save that picture, with no pointless information around it, no black bars and so on. Even if that’s not possible, Android for example has been doing something from the recent apps screen that lets you extract a picture from an app’s screen - and that’s arguably even easier than doing a screenshot.
Disregarding YouTube’s educational side of things. People take YouTube for granted… just use it for entertainment. A lot of DIY projects have been accomplished thanks to DIY videos on YouTube.
I have done stuff by myself they in anybtime before yt would need someone to show me.
Whem car mechanic tells me I have problem on my car I can find yt on how to detect it and how to solve it. I don’t get knowledge to do it, but I can definitely appreciate their work more and not think they are just ripping me off.
It is amazing what we have and take for granted.
I’ve been helping my parents renovate their house recently, and I’m trying to get them to understand this. Just watch a video, it instantly gives you context for commonly agreed upon solutions. You don’t have to reinvent solutions to solved problems.
For example, my mom decided to refinish her cabinets doors. They were painted with one layer of a typical latex house paint you could even still see the original finish in the brush strokes. I sanded the paint and the original varnished finish off the interiors in just a few minutes with an orbital sander.
She decided that because she saw that her aunt use a paint stripper on Facebook, that she should do that. So instead of sanding it down to wood in a few minutes, she’ll coat the doors with stripper, scrape the paint off, clean the caustic paint stripper off, and then sand the varnish/wood at the end anyway. I tried to explain this, and pull up a video showing how messy and overkill the paint strippers were, and she got mad that I played a video.
Meanwhile, my step dad was helping me install quarter round over their baseboards, I showed him 3 options to finish the ends. A simple 90° cut, a standard 45° bevel, and another mitre with a tiny triangle to round over the end. I explained that the mitre looks the nicest, but it takes twice as long to do.
He proceeded to freehand two bevels for half an hour with a dull chipped chisel. They were completely uneven and jagged. Then I explained he had to repeat that work 18 more times in the hallway alone, assuming he was happy with his… handiwork.
They have been trying to finish renovating this house for 20 years. Now I see why it is taking so long.
Youtube has helped me save on so many home repairs. 400 service calls become a 30 part and an afternoon of taking the dryer apart with video guides.
