• 0 Posts
  • 453 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle




  • I use this setup for my personal passwords, using nextcloud as the sync solution. A semi-fix for that was using Keepass2Android (on Android obviously). It integrates with nextcloud directly, keep a local DB of passwords, and would only load the remote one (and merge) on unlock and updates, not keeping it “constantly” sync on every remote change. It works well… most of the time… with only two devices that almost always have connection to the server… and for only one user.

    It’s overly clunky though. It’s the big advantage of “service based” password manager against “single file based” ones. They handle sync. We have plans to move to bitwarden at my workplace, and since the client supports multiple accounts on multiple servers, I’ll probably move to that for personal stuff too. The convenience is just there, without downside.


  • Except for the part that it’s not a question of trust (being open source), there’s no third-party architecture to trust (it can and should be self-hosted), the data on the server are also encrypted client-side before leaving your device, sure.

    Oh, and you also get proper sync, no risk of desync if two devices gets a change while offline without having to go check your in-house sync solution, easy share between user (still with no trust needed in the server), all working perfectly with good user UI integration for almost every systems.

    Yeah, I wonder why people bother using that, instead of deploying clunky, single-user solution.


  • I understand what you mean. There is an important point here though; we’re not talking about friends, coworkers, that random barista, or anyone else finding out about you after the fact. We’re talking about parents and their kid.

    And I’m not saying it is easy either. But it is the role of parents to look after their kid when they’re young. Nobody’s saying that’s easy, and nobody’s saying that some random busybody should have seen the sign. We’re talking about people that should have been the closest and the most warry about this situation.

    It certainly is possible to miss it. But if the closest, most concerned, most incentivized to care people are not enough to at least have some fleeting suspicion about their kid’s behavior, then we may as well pull the collective plug of our specie outta the wall.













  • cley_faye@lemmy.worldtoTechnology@lemmy.worldThe Mozilla Graveyard
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    4
    ·
    1 month ago

    You’re right, they aren’t google. Not for lack of trying though.

    You see posts putting some shade over Mozilla, and your immediate reaction is “it feels almost coordinated”. Well, that may be. But it would be hard to distinguish a “coordinated attack” from a “that’s just the things they’re doing, and there’s report on it” article, no? Especially when most of it can be fact-checked.

    In this particular case, those abandoned projects got picked up by other… sometimes. And sometimes not. But they were abandoned. There’s no denying that.

    If you want some more hot water for Mozilla, since you’re talking about privacy and security, you’d be interested in their recent switch regarding these points. Sure, the PR is all about protecting privacy and users, but looking into the acts, the message is a bit more diluted. And there’s always a fair amount of people that are ready to do the opposite of what you claims; namely discarding all criticism because “Mozilla”, when the same criticism are totally fair play when talking about other big companies.

    Being keen on maintaining user privacy, system security, and trust, is not the same as picking a “champion” and sticking to it until the end. Mozilla have been doing shady things for half a decade now, and they should not get a free pass because they’re still the lesser evil for now.