Q&A: What's the Best Kind of Password?
Added 2025-01-09 01:59:22 +0000 UTCQ&A208: What's kind of password is best to use? What's the best way to get rid of mobile malware? Is government surveillance worse than surveillance capitalism and are they ever justified? Are there any options for private electric vehicles or steps to take to improve privacy? Does using a VPN with Tor ever make sense?
Welcome to the Surveillance Report Q&A - featuring Techlore & The New Oil answering your questions about privacy and security.
Video Version: https://youtu.be/4paSXNdyGkg
00:00 Introduction
00:25 Password Guidelines
04:48 Mobile Malware
08:12 Surveillance Capitalism vs Government Mass Surveillance
13:21 Electric Vehicle Privacy
15:06 Using VPNs with Tor
"Yes, you should connect to Tor via a VPN" by Jonah Aragon: https://youtu.be/vo22D-dUeCA
---
🙋 Go ahead and leave some questions below for us to look at for SR209 this weekend! (Note: We record on Friday nights in the US, so it's highly recommended to leave all questions by noon on Friday in the US)
It can be about a specific story, a general question about privacy/security, a question about the world, a question you tried last week, or anything else. Due to time restraints we can't promise that we'll get to yours, but we appreciate all of them!
To receive these posts via RSS, get your own custom link using these instructions.
Comments
Cheers Nate will do!
Satellite
2025-01-13 01:33:21 +0000 UTCHey Satellite! Thanks for the questions but we've already filmed this week's Q&A. Try reposting this on the next one when it drops later this week. (Also, DM us your username so we can add you to the Signal group.) -N
Surveillance Report
2025-01-13 01:17:59 +0000 UTCG'day guys, back for another orbit! Great content across all the channels lately by the way lads, keep it up. This one is a two-parter but both are Firefox related and also open questions for the community/forum as well. 1. Pretty diehard Firefox user here, have been for as long as FF launched essentially. It's not my only browser but it's my main for sure (Mullvad crew). It has a ton of super useful features, great add-on extension support and granular control missing from other browsers owned by data motivated companies, likely for just that reason. The Firefox account feature syncing all my bookmarks/tabs and extensions across every machine I run (I have about 4 or 5) including my portable FF version has become an indispensible component in my day to day workflow, so much so that I can run just about everything I need for my job, personal accounts and multiple projects through web apps and clients with my password manager integrated. Absolute godsend. That all being said, we've all seen the wack ass 24 months the company has had with management restructures and being bought by an ad company, which has me really worried about the future of the browser and Mozilla's motivations. I'm now forced to really think about an exit strategy as a result, should I need to bail. Have you guys come across a similar browser that can be hardened like this, but retains the functionality of account synchronisation either through direct integration or an installable extension? I'm pretty entrenched in this way of working because of it's (mostly) killer balance of privacy, flexibility and ease, but it'd be a damned shame to have to abandon it if Mozilla really does heel turn and become what it originally sought to destroy... and 2... Is it just me, or has anyone else using FF in the last 2-ish months fired it up only to notice extensions to do with ad blocking or sponsor skipping had mysteriously uninstalled themselves?? And I'm not talking like, all the extensions you had just vanishing, I mean specifically just the ones designed for blocking ads and sponsored content only. Three or four times now I've opened FF (on several of my machines, mind you) to find that uBlock Origin and SponsorBlock had disappeared, and only those two. I have others but it was just them that vanished. I looked this up and there are a smattering of Reddit posts from various years reporting similar behaviour but they all seemed to be caused by various bugs in older browser versions or the extension itself having a weird time after an update. This feels different... surreptitious and deliberate, and conveniently timed considering Mozilla's ad-company acquisition. I'm no conspiracy theorist by any stretch but that's some correlation that warrants a bit of digging. Also let me into the Signal group already! Stay private homies ✌️😂
Satellite
2025-01-12 15:17:14 +0000 UTCSeveral narrow questions since there may not be much to say in response to some of them: -Do you know of US privacy-oriented cards that work with Apple Pay for privacy in in-person payments? Privacy[.]com does not for example, and while using a mainstream credit card through Apple Pay is more private than a direct swipe/tap in terms of merchant-side surveillance capitalism, the bank that issued you the card is as free to share your purchase data with "our partners" as without ApplePay, since Apple does not strip the merchant data from your transaction data it sends to the bank the way Privacy[.]com does. -Have you or people you know used other US MVNOs similar to MintMobile in terms of privacy (e.g. Tello, Red Pocket, US Mobile) and what has the experience been like? Not that anything is wrong with Mint, but it is always good to have options ready in case a particular company shuts down, gets acquired, etc. -In follow up to data security stories about BitLocker bypass and most people not erasing data from their old devices: ~What do you think is better for encrypting a Win OS partition: BitLocker or Veracrypt? While Veracrypt is likely cryptographically stronger, BitLocker is native to Win; so, it seems less likely that a future Win update will break your system when it is encrypted with BitLocker since MS is more likely to test that prior to update release. ~What do you think is the best way to erase non-os (e.g. external) data storage devices before parting with them? Ignoring, for the sake of simplicity, wear leveling issue on SSDs/flash drives, the fact there are multiple software packages and algorithms for data erasure would indicate that a "full format" is no panacea. Sure, the next holder of your device may not be a world-class solid state physicist hell-bent on prying into your secrets, but if the additional cost in effort for extra security is slight (such as just using a different piece of software) why not give yourself a greater margin for future-proofing if nothing else?
David Johnson
2025-01-09 11:29:17 +0000 UTC
