My holy trinity of trust : memes

[–] [email protected] 99 points 11 months ago* (last edited 11 months ago) (3 children)

The thing is, ownership of any of these can change at any time. Bitwarden, Mullvad, and Tutanota could be sold to very different owners.

That is up to and including something like uBlock Origin, which only has one developer, and would suddenly be very different if that developer died and the project had to be forked.

You can never trust that the person who takes on the reigns has the same ideals as the people running them now.

Hell, Mullvad was abused to the point they removed access to Port Forwarding on their VPN service, which has led to many people needing to switch to crummier, shadier VPNs that still offer port forwarding access. That's not Mullvad's fault, but it is an example of them having to change their philosophy and what they offer because of abuse.

Trust should only go so far, and loss of trust should be very easy. There's not a good reason to keep "trusting" something when it has fundamentally changed from its initial ideals.

[–] [email protected] 22 points 11 months ago

Hell, Mullvad was abused to the point they removed access to Port Forwarding on their VPN service, which has led to many people needing to switch to crummier, shadier VPNs that still offer port forwarding access. That’s not Mullvad’s fault, but it is an example of them having to change their philosophy and what they offer because of abuse.

It's a real shame too. It was a nice feature.

[–] [email protected] 10 points 11 months ago (2 children)

Hell, Mullvad was abused to the point they removed access to Port Forwarding on their VPN service, which has led to many people needing to switch to crummier, shadier VPNs that still offer port forwarding access.

Could you explain what happened?

[–] [email protected] 25 points 11 months ago

As clear as I can make it out, it seems like it was related to a search warrant that was executed on Mullvad.

https://mullvad.net/en/blog/2023/4/20/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised/

Because just a little over a month after the news of the failed raid, there was news of them removing port forwarding.

https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports/

Emphasis mine.

Unfortunately port forwarding also allows avenues for abuse, which in some cases can result in a far worse experience for the majority of our users. Regrettably individuals have frequently used this feature to host undesirable content and malicious services from ports that are forwarded from our VPN servers. This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.

The result is that it affects the majority of our users negatively, because they cannot use our service without having services being blocked.

The abuse vector of port forwarding has caught up with us, and today we announce the discontinuation of support for port forwarding. This means that if you are a user of forwarded ports, you will not be able to add or modify the ports you have in use.

[–] [email protected] 4 points 11 months ago

They made a smart call that has probably increased the long term privacy of their users.

People were using port forwarding to host illegal shit, and governments were getting pissed off about it. Mullvad has been able to prove in court that they don't keep logs, but that's not a perfect deterrent; a properly motivated government, perhaps if somebody is using Mullvad to host CSAM, might attempt to legally force Mullvad to put logging in and add anti-canary clauses.

Preventing port forwarding keeps customers as consumers rather than hosters, and avoids this issue.

[–] [email protected] 8 points 11 months ago

Same thing just happened with IVPN :⁠-⁠\

[–] [email protected] 45 points 11 months ago (2 children)

bruh, i can't be the only one confused why state farm's drive safe app was being touted...

[–] Udonezo 7 points 11 months ago* (last edited 11 months ago)

allows their car insurance to spy on their location data and driving habits Is curious about privacy

Okay buddy

load more comments (1 replies)

[–] [email protected] 30 points 11 months ago (2 children)

I love Mole, Shield and Road

[–] [email protected] 16 points 11 months ago

Ah, the new pokemon game that just came out.

load more comments (1 replies)

[–] [email protected] 25 points 11 months ago (13 children)

Why do you trust a Germany based secure email over something like Proton? At least Mullvad is Sweden based.

load more comments (13 replies)

[+] [email protected] 21 points 11 months ago* (last edited 9 months ago) (5 children)

[deleted]

[–] [email protected] 20 points 11 months ago (2 children)

https://www.engadget.com/protonmail-climate-activist-ip-swiss-french-authorities-233004304.html

Europol requested it. Even though you think your service is not under 14 eyes there still is gonna be many other problems.

You can always find problems with the service itself.

[–] [email protected] 8 points 11 months ago* (last edited 11 months ago)

And that proves what exactly? Swiss law required them to hand over an IP address. Swiss ptivacy is not absolute. They have laws. An IP address didn't grant them access to the encrypted emails. Proton openly admits they had no idea who the user was. The activist should have used a VPN, which Proton also offers as a service, and then whatever activity trail they linked to the IP would have died at Proton's VPN network.

[–] [email protected] 4 points 11 months ago

Protonmail then went to court, and got the law changed so it doesn't happen again https://www.reuters.com/technology/proton-wins-swiss-court-appeal-over-surveillance-rules-2021-10-22/

[–] [email protected] 11 points 11 months ago

Five and eleven eyes doesn't matter if the service is encrypted and open sourced. Also, did you know that Switzerland has no superior privacy laws comparing to Germany? It's all marketing bluff.

[–] [email protected] 3 points 11 months ago* (last edited 11 months ago) (1 children)

Selfhosting an email is very hard but I think that at the end it’s worth it

[–] [email protected] 5 points 11 months ago (1 children)

Until Gmail/Hotmail decides your IP is a spammer and forever you have deliverability issues from then on

load more comments (1 replies)

load more comments (2 replies)

[–] whileloop 19 points 11 months ago

KeePass is also a good password manager, it's open source and you get to store the password database anywhere you like.

[–] [email protected] 16 points 11 months ago (1 children)

I have bitwarden and mullvad, but what's the other one?

[–] marcus 14 points 11 months ago

It’s Tutanota, an email service

[–] [email protected] 14 points 11 months ago (1 children)

keepass > bitwarden

vpn providers should be reviewed regularly

email is inherintly insecure/non-private, self hosted is best

[–] [email protected] 9 points 11 months ago (6 children)

why do you prefer keepass to bitwarden? has it better privacy or is it just a personal preference because you like the UI more for example?

[–] [email protected] 20 points 11 months ago* (last edited 11 months ago) (4 children)

keepass is a different paradigm. it uses a locally encrypted file. many frontends for it (use keepassxc and keepassdx). dont have to rely on some 3rd party, even if they say they have e2ee. theres no better privacy (and security) for an app than not using it with the internet. im not too concerned about ui for pw manager personally, the less time i spend w it unlocked the better. only (slight) problem for me: multi device usage (i just copy the file onto my phone occasionally). general rule of thumb: if it can be selfhosted, it is best to.

i think bitwarden is the best one of its type, it comes down to your needs and threat model

[–] [email protected] 28 points 11 months ago (1 children)

Idk if anyone else mentioned this but bitwarden can be selfhosted.

[–] [email protected] 4 points 11 months ago

good point!

[–] [email protected] 7 points 11 months ago

I use syncthing to sync my KeePass file, and I highly recommend it. Very easy to set up

[–] [email protected] 5 points 11 months ago* (last edited 11 months ago) (2 children)

I really like the cross device sync, even tho it's a security risk of course. also, I don't know anything about self hosting (might get into it when I got the time), so bitwarden might be the best pw manager for my requirements rn.

[–] [email protected] 4 points 11 months ago (2 children)

It's possible to sync keepass using syncthing, i use it that way.

load more comments (2 replies)

load more comments (1 replies)

load more comments (5 replies)

[+] [email protected] 8 points 11 months ago* (last edited 8 months ago) (5 children)

[deleted]

[–] [email protected] 20 points 11 months ago (2 children)

You do also kind of put all your eggs in one basket so to speak though. I don't have anything against Proton and the pricing makes sense if you value all their services and pay for Ultimate (though by my estimate, less sense if you are only looking for a smaller handful of services). However, if you go fully into Proton for everything, you're placing your trust into an entire stack of services and it can end up a single point of failure.

load more comments (2 replies)

load more comments (4 replies)

[–] [email protected] 7 points 11 months ago (3 children)

For anyone still using Mullvad and wants port-forwarding, I recommend AzireVPN.

Good list! I use all of them too.

load more comments (3 replies)

[–] [email protected] 5 points 11 months ago (1 children)

I trust bitwarden, but android app doesnt trust me!

load more comments (1 replies)

[–] [email protected] 5 points 11 months ago (1 children)

One of these is Bitwarden. What are the other two?

load more comments (1 replies)

[–] [email protected] 4 points 11 months ago (1 children)

I might swap bitwarden by passbolt as it uses a more recent programming stack, although vaultwarden looks to be a good alternative too.

load more comments (1 replies)

[–] [email protected] 3 points 11 months ago (1 children)

That mole is sus to me, I am more like into Snakedragons.

load more comments (1 replies)

Memes

Rules: