Every community I care about is dead

  • 0 Posts
  • 14 Comments
Joined 1Y ago
cake
Cake day: Jun 12, 2023

help-circle
rss

Publicly existed. It was announced 4 days ago. The author said they have been working on it for a full year now, but until they release it there’s really no way for third parties to be using it and forming opinions.


That should definitely be linked for context of this “data”

Edit: That article directly calls 4get “the best search engine”, and the diagram implies that to be the case as well. Given that 4get has existed for 4 days I just find everything else from the author to be very suspect. This should at least have the author’s context added or more of a heads-up that this isn’t exactly rigorous data. 4get’s current audit status is just trust me bro, which I find difficult when the entire rest of the about page is filled with immaturity.


Are you the creator of 4get, OP? Your account is 4 days old, the same age as the post announcing 4get on reddit: https://old.reddit.com/r/selfhosted/comments/16emfv0/4get_a_proxy_search_engine_that_doesnt_suck/

Why not just announce your project normally here instead of this biased chart?


Assuming ProtonMail supports catch-all (I don’t use Proton), this is fine and a typical use of the catch-all. You may get weird looks when you give a business their name back as your email, and if anyone figures out that you have a catch-all they might just spam you regardless, at any email address they want, e.g. “icanfreelyspamyou@catata.fish”. I would add a string of numbers/letters at the end, like “target.akr8@catata.fish” so you can be sure when someone sells your email.

All said, it’s a little bit weak to any determined adversary. Any human who figures out your plan can easily start playing around with it - Target may sell your email as “thisguywantsspam@catata.fish” and you’ll never know who sold it.

Edit: Also, you’re trivial to track across different accounts if anyone figures out that you own the email domain.


IMO switch away from services as fast as you’re comfortable with - it’s not all or nothing. Switch the easy ones now, and build escape plans for the rest. Small steppy is better than no steppy.


I’ll just note that I also have these extensions on my LibreWolf install, from the AUR.


The most functional would be their VPN, which seems to be fine for its price.

Unfortunately no. Their VPN is perhaps the worst of their offerings (when it comes to Linux). Read my reply here and jjffnn’s reply here


That’s crazy. Proton just not giving a fuck about Linux is a red flag for a privacy company.


Bitwarden supports AnonAddy, DuckDuckGo, Fastmail, Firefox Relay, and SimpleLogin. I use it with my paid SimpleLogin account using the SimpleLogin default email domain (configurable in your settings - can be a SL-owned domain or your own).

I’m guessing ProtonPass just uses SimpleLogin on the backend since SimpleLogin is owned by Proton. I don’t think there’s really much difference unless you count 1-party being an advantage instead of 2-party.

Edit: O there is a difference in cost - not sure if this is what you meant. Bitwarden+SL will cost more (assuming introductory $1/month pricing on ProtonPass)


IIRC it’s missing a number of features that ProtonVPN Windows has. I last checked into it a year or so ago and the attitude was that it was a very shoddy application missing most features. I found this github issue expressing this sentiment but I don’t see much in terms of specifics.

I don’t have a paid ProtonVPN but I just downloaded the VPN on a free account and it only has 3 options on it:

  • Secure Core on/off (only select servers in privacy-friendly countries)
  • Netshield (DNS adblocking etc)
  • Killswitch

I use Mullvad so I opened that up alongside and will list out the features it has on its Linux client in comparison:

  • DNS adblocking
  • Killswitch
  • Wireguard
  • Auto-launch on pc start
  • Split tunnel support
  • Local network split tunnel allowance
  • Disable ipv6
  • Custom DNS server
  • Protocol obfuscation (UDP-over-TCP)
  • Multihop servers
  • Quantum-resistant tunnel (for Wireguard initialization)

The main ones for me are split tunneling and Wireguard. Using a VPN that doesn’t support these is a non-starter for me, unfortunately. If any of this is different when you have a paid ProtonVPN account let me know - I don’t have very much experience with it.

TBH, if protonVPN under linux was any good I would probably have Proton Unlimited. I can’t justify paying for Mullvad and Proton Unlimited, so I DIY my own collection of services to match functionality for about the same price.


For the record, Bitwarden also has email aliasing built-in when generating a username:

Email forwarding username generation


Same thoughts here. ProtonVPN under Linux is very poorly supported.


It’s mainly a difference in threat model. 2FA within a password manager is still 2FA for concerns of a website login being hacked by remote adversaries, which is the most important problem to solve.

If you use 2FA within your password manager, you should still lock that outer-most password vault with 2FA from a separate device (like you said), which solves your password vault being hacked by remote adversaries. Optionally, you can then use aggressive idle-locking of your vault on your personal devices, in case they’re stolen physically.


If they’re going to try to compete with Bitwarden they could at least offer 2FA for free instead of paywalling it as a feature. It was disappointing when Bitwarden did it, and it’s even more disappointing with Proton - it’s like failing an open book test.