I used to use Protonmail, however the verification steps become tedious when creating unique emails for sign ups. I've switched to Tutanota despite it contravening their one account policy. What do you all use for one off emails (for sign ups etc )? Or do you prefer one of those 10 minute email sites?

12ft ladder doesnt seem to work anymore, on major sites at least. Does anyone have an alternative? Gracias

I use Aegis as my 2fa. Today on new token creation I observed that there's hash function set to SHA-1, later checked all my tokens and the result is same type of encryption used for all. So I have edited all my tokens to SHA-256 as a result my totp doesn't authenticate. Do I have to rescan my tokens for updating to SHA-256 or it doesn't work like that?

Security: SHA-1 < SHA-256 < SHA-512

Speed: SHA-1 > SHA-256 > SHA-512

My doubts are: Why can't we use SHA-256? Is it because TOTP requires less time so faster one(SHA-1) is chosen? Can we use SHA-256 for TOTPs?

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

Pulling this off requires high privileges in the network, so if this is done by intruder you're probably having a Really Bad Day anyway, but might be good to know if you're connecting to untrusted networks (public wifi etc). For now, if you need to be sure, either tether to Android - since the Android stack doesn't implement DHCP option 121 or run VPN in VM that isn't bridged.

Hi, I used to use Instander to browse Instagram privately but it doesn't seem to be updated anymore, is there an alternative that you recommend that has similar features? Like "ghost mode" when watching stories

Over the years I have saved many bookmarks in Firefox in various folders for interesting, useful or just frequently used websites.

Now I've recently moved a lot of stuff to more private (foss/selfhosted) alternative and I'm considering moving browsers too. Since the bookmarks are so integrated into the browser I was wondering what you guys do/recommend in order to keep a bit more freedom.

One option I could think of would be to write them into a Markdown doc and to sync it with all the other notes I keep but that's a bit inconvenient - there's got to be a nicer way that doesn't send every action to a browser corpo, right?

Title is editorialized because the original is, frankly, clickbait garbage

I’m getting tired of the extremely loud ads on that don’t seem to be subject to the old TV broadcasting laws that prevent them from being blasted 10db louder than the actual content. Wondering if there’s stuff out there that would let me take the hdmi stream from my Apple TV or other streaming source, and do ad detection like the olden days so that it could just mute or do volume leveling at least.

I suppose something very basic might just be an hdmi splitter to a rpi with hdmi that’ll detect ads via the black screens or “this ad will over over in 30s” overlays, then send a mute signal over CEC or something to a receiver or TV….but would be nice if it could modify the hdmi signal directly.

Thoughts on what to search for to do something like this?

I was using the Plasma Vaults feature for the first time on my Linux computer, and it worked nicely (GoCryptFS), but when I wanted to sync that folder on my Android... I just couldn't find the right tool on Android for the job.

How do you solve this problem yourself?

I remember there being apps like xender, easy share etc. which lets you share files by one person activating hotspot and the other wifi you just have to have both party close to each other and they use no data . But they are all closed source and probably spyware and its too much of a hassle to get others to download a file sharing app from fdroid when you need to share big files so is there any website or web app which is private (completely offline after loading, is foss etc.). It also has to work on android and have good enough speed .

Yo peeps, I'm currently looking into TCF Vendors, Ad partners and their whole corporate greed hellhole of tracking. I am writing a paper on this, and would like for everything to be factually correct. However, I am struggling to understand one particular part of this "transparency framework" and hope someone can help me clarify on cookie-duration.

As seen in the first thumbnail, the cookie duration is listed as 180 days. However, upon selecting > Storage Details, each cookie is displayed in further detail. In this detailed section, there are additional cookies with duration as high as 1825 days, not 180... So which is it? Currently, I'm (obviously) assuming the worst, as in, it being 1825 and not 180 days. There are additional cookies on this list, see spoiler below, that have cookies with the duration of 180 days. Why are the cookies with the highest duration listed on the first page? And if the answer is that "it would look worse", then they also have cookies with lower amount of days than 180 that could have been used. There are multiple cookies with different durations, do all of them count?

If needed here is a spolier that includes all the cookies in detail from the Exactag GmbH vendor.

Exactag GmbH - Storage details

Name: exactag_new_adoptout
Type: Cookie
Duration: 1825 (days)
Domain:
Purposes:
Store and/or access information on a device
Refreshes Cookies: No

Name: exactag_new_ccoptout
Type: Cookie
Duration: 1825 (days)
Domain:
Purposes:
Store and/or access information on a device
Refreshes Cookies: No

Name: exactag_new_optout
Type: Cookie
Duration: 1825 (days)
Domain:
Purposes:
Store and/or access information on a device
Refreshes Cookies: No

Name: exactag_new_cpv
Type: Cookie
Duration: 1 (days)
Domain:
Purposes:
Store and/or access information on a device
Measure advertising performance
Measure content performance
Refreshes Cookies: No

Name: exactag_new_gk
Type: Cookie
Duration: 60 (days)
Domain:
Purposes:
Store and/or access information on a device
Measure advertising performance
Measure content performance
Refreshes Cookies: No

Name: exactag_new_uk
Type: Cookie
Duration: 180 (days)
Domain:
Purposes:
Store and/or access information on a device
Measure advertising performance
Measure content performance
Refreshes Cookies: Yes

Name: exactag_new_user
Type: Cookie
Duration: 180 (days)
Domain:
Purposes:
Store and/or access information on a device
Measure advertising performance
Measure content performance
Refreshes Cookies: Yes

Name: session_session
Type: Cookie
Duration: Uses session cookies
Domain:
Purposes:
Store and/or access information on a device
Measure advertising performance
Measure content performance
Refreshes Cookies: No

Let me know if any additional information is needed.

Simple steps to take before hitting the streets

Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with a wide range of entities online. Critics of email rightfully point out that email suffers from a significant number of flaws that make it less than ideal, but that doesn’t change the current reality. In light of that reality, I believe that an encrypted email provider is a must-have for everyone in today’s age of rampant data breaches, insider threats, warrantless police access, and targeted advertising. If I can get access to your emails, I can get a range of sensitive information including where you bank (to craft more convincing phishing attacks), information about pets (I get notifications each year from the vet for my cats’ annual checkups), calendar reminders, news announcements from family, support tickets from services you use, and more. In a worse case scenario, if I get access to the account itself, it’s trivial to simply issue password reset requests for nearly any of those accounts, have it to sent to said compromised email account, and gain access to a wide number of other accounts you use – from banking to shopping and more – for any number of reasons. So this week, let’s look into the top encrypted email providers The New Oil recommends and their features to help decide which one is right for you.

Hey guys n gurls, I was wondering if it is smart to disable my VPN connection for casual browsing.

Reasons: when having VPN constantly running it may be possible to track me via browser fingerprinting.

Szenario: the connection coming from the VPN which hypothetically downloaded a torrent, tries to watch capitalist propaganda while living in China, etc.pp has this screen ratio, this locale, this addons etc. And (more important) the YouTube login cookie we know belongs to this physical person/telephone number etc.

So I am wondering if I should only use the VPN when "needing" it (read articles not available in country, Netflix, read information government doesn't like, things like that.) Or if I'm missing something here and I could obscure my causal day to day browsing as well without decreasing the security of the VPN.

For reference, the VPN doesn't log anything (for more than a day) to my knowledge

EDIT: From what I understand from the comments: switching the VPN has little to no impact on widely used tracking and if at all makes it easier to corelate data. People emphasize the general lack of full privacy if you are wanted by entities willing to spend enough resources. But for the general need of privacy in normal usecases it makes more sense to just leave the VPN running.

Does it make sense to have separate emails for each individual financial account (banking, credit cards) or is that overkill? I'm just thinking that if a hacker got access to one email they'd have all account information?

When I get notification from my other user account (which is named "Work"), it only says "Notification from Teams for Work"

Teams = Microsoft Teams app

I just hate having to switch back and forth between accounts to see the full contents of the message. I really don't want Teams or Outlook installed on my main account, I want my main account to FOSS, while my other account can have the other proprietary apps. I just want to be able to see the full contents of the message when it gets forwarded, and not just "Notification".

Scrambled Exif vs Metadata Remover