Surveillance Report


Q&A: Was Our Password Manager Advice Wrong?!

Q&A207: A counter argument to the advice we gave last time about securing your password manager, where to get crypto without turning over ID, and the potential drawbacks of mass privacy adoption.

Welcome to the Surveillance Report Q&A - featuring Techlore & The New Oil answering your questions about privacy and security.

Video Version: https://youtu.be/3-tXbYe53Mo

00:00 Introduction

00:25 Password Manager Advice Rebuttal

06:38 KYC-free Crypto (Besides Bisq)

07:33 Can Mass Privacy Backfire?

14:01 XMR Chat Shoutout

---

🙋 Go ahead and leave some questions below for us to look at for SR208 this weekend! (Note: We record on Friday nights in the US, so it's highly recommended to leave all questions by noon on Friday in the US)

It can be about a specific story, a general question about privacy/security, a question about the world, a question you tried last week, or anything else. Due to time restraints we can't promise that we'll get to yours, but we appreciate all of them!

To receive these posts via RSS, get your own custom link using these instructions.


Comments

I was thinking about that Serbian journalist that got malware installed on his mobile by the police. What would he have to do?

Gunnar

If you think the problem is persistent or particularly invasive, you may want to do a reformat after a factory reset.

Jeff Jockisch

Entropy is important, but length is more important. A string of disconnected words you would never find in sequence, with a number, symbol or two thrown in is better.

Jeff Jockisch

My understanding has always been that randomized passwords tend to be better than strings of words. Recently I've seen some people mention that they're easier for computers to guess and have seen a lot of people recommending word strings for master passwords. I'm currently using a mishmash of a couple of words crammed together with some numbers and symbols thrown in to be 23 characters long. Would making a longer password with mostly random words potentially be a preferable option for security or would the mishmash I'm using now be "good enough"?

Rasta

Just a hypothetical case. If your mobile is infected with a malware of any case, rootkit, spyware... What is the safest way to get rid of it? I guess that a factory reset is not enough? Is reinstalling the OS enough, as you do when you install LineageOS, CalyxOS for the first time?

Gunnar

Limiting the scope of the question to indiscriminate mass (as opposed to targeted) surveillance, what is your opinion on the relative undesirability of business vs governmental (domestic) surveillance? Using software as a metaphor, government is an OS+AV while businesses are user-installed programs. So, people argue about issues such as whether an OS should be open-source or closed-source (transparency), how much compartmentalisation across OS elements is best (separation of powers, federalism), what features are useful and what features are bloat (should there be a Dept of Candycrush), what elements should be determined by user choice (democracy), to what extent it is appropriate for ordinarily user-installed programs to be bundled with the OS (cronyism), whether the OS should eat up a huge chunk of system's resources like Samsung's rewrite of Android, whether it should run Win Recall like many post-2001 initiatives that made the news in the past decade or so, etc.... Similarly to permissions for an OS+AV, it seems that even the most minimal "bare-bones" government of libertarian dreams cannot effectively perform even its most essential functions without collecting a lot of data on the governed. In contrast, most new good things in the "products and services" domain come not from corporate behemoths that sit on massive troves of customer data, but from startups that have no customers, and hence no customer data, but instead have intelligence, creativity, drive, and independence of thought (or bottom-up from individuals like that within large companies rather than top-down). If anything, masses of data only help a business to practice subtle psychological manipulation to expand its share of your monthly spending or to engage in sophisticated forms of price discrimination.
In addition, businesses are not even subject to the legal constraints to the extent the government is — hence news stories about surveillance outsourcing and bulk data purchases from the private sector. In other words, few would dispute that an effective OS+AV needs the highest privileges and wide access to the system and to data on it to operate effectively. In contrast, a text editor that is lousy to begin with is unlikely to get better by harvesting everything that its users type and keeping an SF-86 equivalent for each of its users. Since a growing mercenary spyware sector appears to be putting the most sophisticated tools in the hands of any government willing to pay, it seems that the Constitutional and legal "kernel" backed by public opinion is the only realistic check on internal abuses, not the availability of homegrown tools. How do you guys view the potential detriments of these two classes of surveillance?

David Johnson

Follow-up, would you recommend taking any steps after a car purchase such as setting up an account with the car manufacturer specifically to opt-out of data gathering?

M

What options are available for a privacy-respecting car that is electric?

Khalid Duel

