• 5 Posts
  • 1 Comment
Joined 5M ago
cake
Cake day: Jun 08, 2024

help-circle
rss
VPN DNS leak - DoH and network.trr.mode in Firefox
Some feedback regarding Proton VPN documentation and some confusion regarding Firefox DNS configuration: https://protonvpn.com/support/browser-extensions#firefox says: "By default, Firefox does not route DNS queries through the HTTPS connection to our VPN servers" and then is mentioned a workaround to fix it. That suggest alarming thing, that ProtonVPN Firefox user has to do some custom workaround in order to be private (prevent a DNS leak). On another hand, https://protonvpn.com/support/dns-leaks-privacy says: "DNS queries are routed through the VPN tunnel to be resolved on our servers" these statements are a bit confusing/contradicting (though Proton later explains that this latest statement does not apply on a browser extension VPN apps) and Proton further adds at https://protonvpn.com/support/dns-leaks-privacy/#dns-over-https that the DNS leak can happen also due to enabled DoH feature in web browser. Solution: ProtonVPN browser extension should (if possible) warn user in case it fails to process DNS and as a result, it is leaked. Vote for this [feature request](https://protonmail.uservoice.com/forums/932836-proton-vpn/suggestions/48752957-detect-dns-leak-and-warn-protonvpn-users) ---- Another "issue" is with the above mentioned/linked workaround (here I am speaking only about Firefox), this workaround: go to "about:config into the URL bar and hit <enter>. At the warning, click Accept the risk and continue → search for network.trr.mode" In my case I had this set that variable to 5 which means DoH "Off by choice", Proton in said tutorial suggest value 3 instead, which means (According to https://wiki.mozilla.org/Trusted_Recursive_Resolver#DNS-over-HTTPS_Prefs_in_Firefox ) "Only use TRR, never use the native resolver.". This confuses me since it looks like an opposite to what i have now, while any DNS leak site: https://www.dnsleaktest.com https://ipleak.net does NOT report leak in my case nor in case i set network.trr.mode to 3. A bit weird but i guess no big deal? Thanks for your feedback in advance.
fedilink

Firefox vs ProtonPass as a password manager (pros and cons)
# 3 password managers at same time 🧐 : My older version of a **Firefox** browser remember most of my passwords (I am ok how it works), but some important passwords are also stored in **KEEpass** and not in Firefox. Then there is a **ProtonPass** which can import both Firefox CSV and KeePass XML. **Problem with import and synchronization of these managers** is that the 1. Pass is not made to deduplicate the imported data (some imported logins may already be in vaults), which requires user to delete Pass logins prior importing a .csv file (importing because file contains more up to date logins). 2. import does not contain 2FA secrets nor aliases (aliases deleted in Pass can not be restored into Pass at the time of writing - June 2024). # Firefox and Proton Pass - PROS and CONS (as of June 2024): **Quality of suggested logins:** ⛔️ Firefox (old ver.) suggests all passwords saved across whole website incl. its subdomains which is messy ✅ Pass: suggests only passwords for a present page (not subdomains) = good ⛔️ Pass: does not automaticaly complete/suggest login when typing into username field and the list of saved logins is not alphabetically sorted by the username. **Speed:** ✅ Firefox: shows saved logins instantly ⛔️ Pass: 1 second delay of a Proton Pass drop down menu with login username suggestions comparing to Firefox which loads immediately and gives impression that it loads even before login page finished loading. Both password managers loads at same time on user mouse click into the login field. Delay of a ProtonPass happens only when the suggestion menu should appear automatically upon loading a login page. **Registration form suggestions:** ✅ Firefox: suggests previously used usernames/emails when typing, which is fine 🆗 Pass: does suggest anything when i type, as already mentioned. When I click, it suggests main ProtonMail address and allows generating unique alias which is very important key feature 🆗 Pass: password generating box shows non-important confirmation of a successfully copied password, which hides after like 2 seconds, making impossible to read the next form field during that time, which is annoying. **Login form suggestions:** ⛔️ Pass: does not offer any login suggestion on a Basic HTTP Auth (.htaccess password protection of a directory) forms (popup) of mine (site: ILF admin, C*A/my) **Other:** ⛔️ Pass: in Firefox i think it sometimes gets logged out requring to spend time re-login which may require 2FA auth from other device or other password manager. ✅ Pass: editing, grouping of passwords seems a bit better than Firefox ✅ Pass: Integrated 2FA ✅ Pass: Pass monitor in paid plan, password strength/leak indication # PROS vs CONS. What to do? ProtonPass is a bit slower than Firefox, yet it has its advantages - email alias generating, 2FA.... SimpleLogin browser extension can be used for Proton aliases and if you do not need 2FA, it may be easier to stay with just Firefox, which is enough safe manager since I am already making backups of a Firefox (incl. passwords - which are also synced E2EE to the Mozilla cloud https://support.mozilla.org/en-US/kb/sync#w_is-it-secure). Other option is to use Pass only for aliases and 2FA and inside its General settings, disable passwords saving and filling, letting Firefox do this job. Third manager (for example KeePassXC) can serve as a backup, it can also import exports of Pass and Firefox. I guess it would be good to backup any password manager (incl. Pass) data regularly on schedule. What are your suggestions/feedback regarding this?
fedilink

Pass in Firefox fails to close the email/password suggestion box when clicking the field one more time, can you reproduce?
Firefox 115.12.0esr with Pass 1.17.4 On various pages including https://lemmy.ml/signup when I click 1st time into a email or password field, Pass shows a "suggestion" box, when I click one more time into that form field, the box now fails to hide even i click outside of it. Workaround is to click into different form field. Anyone is experiencing the same? On which platform/pass version?
fedilink

Importing Proton Pass 1.17.5 .CSV export file into older Firefox 115.12.0esr (64-bit) and back - kind of synchronization
**Summary:** I wanted to see if I can synchronize Firefox and ProtonPass passwords. It works more or less. One just need to pay attention to using only one or another for saving passwords and if later wanted to switch, just delete outdated app passwords database and import other app passwords. NOTE: If you choose to delete ProtonPass logins and import 3rd party logins, it will possibly NOT import your 2FA secret and aliases (you would have to move these to a separate vault before deleting everything else! **Here is exactly written on what i did and what I have faced in July 2024** (maybe later version of the Proton Pass will work better). After backing up Firefox browser data/profile and exporting its passwords at "about:logins" page (three dots in the top corner), i have deleted all Firefox passwords (from same three dots menu). Then enabled Firefox passwords import (there were no import entry in that three dots menu) by going to "about:config" and searching for "signon.management.page.fileImport.enabled" double-clicking "false" to set it to "true". Reloaded "about:logins" page and then again using three dots menu imported the .csv export file made by the Proton Pass. Result: ``` New logins added: 1,808 Existing logins updated: 0 Duplicate logins found: 28 (not imported) Errors: 12 (not imported) ``` Under details, i could see which rows was problematic (only problem type was "Missing url") and after opening .csv file in a Calc editor i could see that the problematic rows were indeed "missing url" (or anything) in "url" row but the "name" field had the domain name. The problematic rows were almost exclusively Proton aliases (and these does not need any fixing and their later import into Proton Pass failed anyway - in the current version of the Pass that I have used), yet not knowing that at the moment, I have fixed all rows with missing url by copying name into url and prefixing with https:// using Linux command: `awk 'BEGIN{FS=OFS=","} $3=="" {$3="https://" $2} 1' "input.csv" > output_tmp && mv output_tmp "output.csv"` For Windows, this may work: `for /f "tokens=1-7 delims=," %a in (input.csv) do @echo %a,%b,%c,%d,%e,%f,%g,%h,%i >> output_tmp && move /y output_tmp output.csv` Upon import of the fixed file, there was same number of errors and this time it was "Missing password". I did insert a random passwords by modifying previous command like this: `awk 'BEGIN{FS=OFS=","} $5=="" {$5="ng21@Ak" $9} 1' "input.csv" > tmp && mv tmp "output.csv"` .csv file can be opened inside LibreOffice Calc (or other table processor), where it is visible in easy to read format. So after all, import from Proton Pass using .csv file was successful (despite a few harmless errors). **Opposite direction - synchronizing from Firefox to ProtonPass** may be problematic. At least in my case was. Because Proton Pass did not delete any duplicates. So if Proton Pass is outdated and Firefox has all ProtonPass items(logins) + new items, it can be done as follows, yet please note that deleting Pass logins and importing 3rd party app logins (Firefox) will possibly not import 2FA settings, so if you are using 2FA, make sure you save private keys so you can setup it again later - keys are visible when editing login with 2FA): Export Proton Pass for backup purpose. Create new vault and move to it all email aliases (meaning aliases not regular logins). Delete vault with logins and create new one and fill it with Firefox .csv file.
fedilink

Proton Pass - no option to Delete vault (if there is less than 2 vaults)
When there is only one vault in Proton Pass, it seems like the option to Delete vault is inactive/disabled and can not be clicked. After creating second vault, it worked to delete first (main one). It is a bit weird, no explanation why i was unable to delete.
fedilink

I have been told that it is not safe to enable 2FA and use Pass as an authenticator. For Proton account 2FA I am using not only Pass but also KeePassXC as a backup solution (for the case when Pass logout and requires 2FA code in order to login - and in such a case you can not get the 2FA code out of Pass - chicken-egg problem). Yet when using Pass desktop app, maybe logout issue is minimized (it remember my password across reboot and paid Pass is said to work offline).