• 2 Posts
  • 93 Comments
Joined 1Y ago
Cake day: Jul 01, 2023

if my backup key can just be cloned that easily

Do you consider $10,000 of equipment plus breaking your safe and extracting your pin to be easy? Who did you get on the wrong side of!?


The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key.

The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out only by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low.

Given this massive caveat I’d almost call that headline misleading


You can test exactly what the recipient will see by emailing yourself via simplelogin


So what does all this data actually mean? I’ve looked at the GitHub page but it’s more like a technical manual than an explanation of what I’m actually looking at!



very wallet aggressive

I see you used this new AI to jazz up the word “expensive”!


The reddit webpage asks me download their app every time I have to open it, libreddit doesn’t. It’s also full of “sponsored posts” which aren’t from external advertisers so don’t seem to get blocked.


Oh huge, one step closer to replicating excel!


Adding a feature to a product that exists is much simpler than building a product you don’t have the expertise for!

I thought they were hiring Linux developers but I can’t see any open positions, hoping that means they’ve found someone rather than given up!


Assuming it’s the same as on Android then it’s pretty good but there’s quite a big caveat: it backs up every image as soon as you take/receive it, so you have to delete extras both on your device and on proton drive (sadly it’s not a sync like google photos)


Even more key, they explicitly tell you to use the VPN and/or Tor if you really need anonymity!


GDPR isn’t just an online thing, it applies everywhere so I don’t know how your bridg software is getting away with that!


That sounds pretty illegal under the GDPR though, hence why I usually feel fine paying by card if the website feels like they obey the law.


Just using a debit/credit card? I still choose not to do this when there’s a PayPal option though, just feels riskier!


They seem to be offering a lot of this sort of thing as a value-add for buying a Pixel


I assume it means the “AI” bit is running locally (for cost/efficiency reasons and so your actual voice isn’t uploaded); the results are then uploaded wherever (which is theoretically better but still hugely open to abuse)


Not knowing what the questions were, I would guess they want to know if users are actually interested in it. Presumably if everyone says they want one they’ll invest, but if everyone says they don’t then they won’t.


The point of 2FA/MFA is that you need two separate things in order to gain access. By having them both be the same then suddenly the attacker only needs to get one factor. Sure, it’s probably low risk, but it’s still risk.


Yeah I know, that was my original point. I think it’s fine to be sad that an open source project is stagnating, especially if you’re a keen user but don’t have the knowledge to change the codebase yourself. Thankfully I didn’t see anyone being rude or demanding, that’s the real bad sign.


No mentions of an alpha for nearly a year, all the recent comments are people lamenting its apparent abandonment!



I used to use it many years ago but then one day they paywalled all the unique features


Their Github page looks like there’s active development, but yeah no actual releases for a long time


I quite like Neo/Omega launcher, it’s probably the best FOSS launcher I’ve found.

their development has been very slow the last year

This is the painful part. There are regressions that have been introduced which have sat there for years, and I’ve got no idea if they’ll ever be fixed. But such is the open source way, they owe me nothing and are still providing a generally good experience for free!


Dark Web Monitoring is available to all paying users of Proton Mail.

I know it’s their entire business model, but presumably they’re discovering the data for every proton email address and not just the paid ones. It would presumably cost them nothing to provide this feature to all users, I wonder what their reasoning was for making it a premium feature.


WhatsApp’s main resource is that they grabbed more than a billion users before Facebook took over. Saying “look how secure we are” makes the casual user think there’s no need to change.


Because they say they do and nobody’s yet proven that they don’t. But your point is of course valid: closed source security is nothing more than trust me bro.


They’re not a second factor though, they’re an alternative to the first factor (the password). I assume you’d still want something else for 2FA.


minimizing impact for people who stay off the grid

People who stay off the grid don’t have smartphones!

As much as we enthusiasts like to try and have our cake and eat it too, the only way to really be completely private/secure/anonymous is to be completely disconnected. Threat models and compromises and all that.



Sorry, Google Voice isn’t supported in your country yet

Is this another USA-only Google service?


That’s Mr Arnold Rimmer BSc SSc to you



This is actually kind of huge. I use a variety of cloud storage providers but Proton are the only one I trust to not need Cryptomator!


The problem is a lack of context, you post an innocent question but people reading it can’t tell if it’s a troll or what. You’ve got to be careful about wording stuff online, but also just ignore the imaginary internet points.


Well that’s good for you, but the point is that info is the kind of thing that someone might have casually posted online over the years


Nothing stops us enthusiasts from doing that, this article is for a more casual user who might not realise how easy the real answers are for a hacker to discover


My personal view is that the extra security that these so-called security questions bring is worth less than the risks they bring. I’d rather the (low) risk of Bitwarden being compromised and losing the account than the (high) risk of someone searching or discovering information about me I can’t change and losing the account.


The answer is yes, and the TL;DR is not to use them, use 2FA, and not share personal details online (which is hopefully all obvious advice)

cross-posted from: https://lemmy.world/post/12060980

If you’re using their Messages app for some reason. A big if which makes the headline almost complete bait.


Relying more on biometrics hardly seems secure. Passwords can be changed, biometrics are forever and authorities do like to keep records of them.


Any recommendations for cheap Android TV boxes?
Yes, I'm fully aware that the best way to have a streaming box is to run Linux on a Raspberry Pi, and if anyone has a guide for how to best set that up, connect to various streaming services, and allow casting from a phone then I'm very happy to check it out. However, I've heard Android TV boxes/sticks are still relatively customisable so I'd really just like something I can run SmartTubeNext on and cast YouTube to the TV without any ads. I'm not going to be putting much in the way of personal data on it so it obviously doesn't need to be the most secure/hardened thing in the world, but I'd still rather avoid the dodgiest of boxes. Any recommendations for something cheap-ish and private-ish?