The Cuuuuube

the google corporate overlords are just straight up evil

i think some big project, something really important, needs to migrate for the masses of devs to move too

they’re on mastodon where threads and replies work a little differently

Sure yeah. I think corpos suck, too. That’s why I don’t prefer 1password. But Firefox puts their passwords into a file, too (two actually). Key3.db and Logins.json, both with known locations, and encrypted using AES-256-GCM which is… Decent but I prefer to go a little more hardened. The thing with keepass is the following:

1. Its open source, no corpo
2. The file encryption you select can be as hardened as you want
3. No one but you need know the location of your file
4. It offers 2fa which Firefox password manager doesn’t
5. Firefox password manager is more susceptible to social engineering attacks is mainly what I was worried about but it seems like you’ve got a good handle on it.
6. You don’t have to integrate keepass with the browser to use it

But I want to make it abundantly clear. @Dyskolos@lemmy.zip has not recommended storing your passwords in a file. They have suggested storing your passwords in a mechanism that can be as secure as your hardware is capable of securing and keeping the location of that up to your own decision making.

But also. Promise me this. If you’re going to keep using Firefox as your password manager:

1. Don’t use sync. That’s run by Firefox’s corporate arm, Mozilla PBC
2. Use a primary password of at least 32 characters
3. Consider rotating your password on a regular interval, like on your birthday

Cover the G logo with a pop socket or some shit. No one will give enough of a shit to desire your phone. Buying used always denies OEMs sales so its always good to buy used

Using the internet without an adblocker is genuinely dangerous. Everyone really should be using uBlock Origin. Using a web browser that prevents uBlock Origin puts you in danger

If you use a deterministic password manager, make sure you make your master password strong

In-built password managers for browsers are straightforward to crack. Like… Terrifyingly easy. It’s much better to use something like Bitwarden, Vaultwarden if you don’t trust Bitwarden, 1Password if you really want the reassurance of paying someone for trust, or KeePass if you don’t trust anyone at all (I, personally, fit into this category).

Messengers are not protocols. They use protocols. Most XMPP clients use the same encryption scheme Signal does only without being dependent on a single specific server, allowing users to spread out. I recommend reading about the differences between targeting developing a platform and developing protocols. Once you do, you’ll see XMPP+Encryption in a better light than anything like Signal. The main problem in the current moment with XMPP+Encryption us that it isn’t where the people are. Us tech weirdos can start the push into that space a little bit, but we need “Normies” to adopt to, and for that we need to be clear on what were talking about. Comparing XMPP to signal doesn’t make sense. Comparing Cheogram to Signal does. And in the latter, cheogram frankly blows Signal out of the water for real privacy and security considerations

I immediately had my suspicions this article might contain some bullshit when I saw it was published by the new oil…

Yeah. I didn’t pull down my comments when I left, but the oldest ones from 2010-2012 are real fucking wrong-headed. That’s while I was still in college and hadn’t learned yet that the real messaging about how the world works was

1. staring me right in the face
2. not discussed as being about what its about by mainstream media outlets

That was the era frat rap was not just allowed to exist, but with some regularity got mainstream popularity. The great irony is two big names from that space, Asher Roth and Mac Miller went on to do some really thoughtful and insightful work, and I think their journey of awakening to the harm their privilege did is what a lot of us went through. Like. I don’t think the majority of us were thinking enough about the importance of countercultural music movements. Now google and reddit get to be the kings of that toxic outdated way of thinking.

The bad news is… That toxic outdated way of thinking benefits them. And now they’ll have a big data model that can post real seeming messages and amplify those shitty takes a lot of us grew out of

Well. I mean. Look who heads Twitter

Hardware specs were too constrained for regular daily use. The software updates are always way behind schedule, and the company is too small to support their warranty (I really do think they’re doing their best to do what’s right, but they’re just super slow on turnaround for support)

I only know about Fairphone and Teracube. Having owned a Teracube I recommend not getting a Teracube

Then more of us should get ourselves on those lists. We should make the lists useless by way of flooding them

Especially since when was the last time you got a phone that impressed you? Like phones haven’t been getting better they’ve been getting more gimmicky

Phones don’t use an IBM-PC architecture. You’d need a phone based on an architecture phones aren’t usually based on or You’d need to re-engineer UEFI to work for an architecture it wasn’t designed for

I highly encourage everyone to buy their pixel phones for grapheneos secondhand. there’s enough pixel fanbois out there you should be able to deprive any corporation of the money of your sale by buying a like new condition last generation pixel (Like an 8 now that the 8a and 9 are out)

Interesting! I assume then that dslul was the original developer. Weird I wasn’t able to turn up anything at all… Well… Not that weird given that internet search is broken

Its also worth noting Graphene’s focus on pixel devices stems from those devices having more easily secured hardware. Which android fork you decide to use will depend on your particular use case. I wound up going with a Pixel and Graphene for android auto. But if you’re someone with existing hardware that you want to set up with a degoogled os, there’s e/os, lineageos, CalyxOS, iodé, and, if you wanna get really weird, postmarket os. Having done a deep dive into this I can honestly day there’s no single OSFA answer to this.