• 0 Posts
  • 147 Comments
Joined 1 year ago
cake
Cake day: June 30th, 2023

help-circle
  • An online database is still a file ultimately. A SQL or other DB file stored in a webserver, accessed through a web interface.

    Vaultwarden, etc, are the same, only the database file is less directly visible IMO. Keepass IMO is simple. The DB in a bespoke format, stored outside the application.

    You could put the vault in system32 and name it “trustedinstaller.log”, and if someone saw you had keepass they wouldn’t even know where your vault is.

    Given the number of well documented breaches of online password vaults, I would much rather do a private device to device sync via syncthing and keep it out of webservers.














  • Revisiting this many weeks later: what do you think of the idea of super users who can be delegated an ability to silence/quarantine other posters?

    Admin

    Moderators

    Superuser

    User

    Maybe if they only had the ability to flag a user and put them in "time out, and it couldn’t stack or be consecutive from one superuser, etc?

    I dunno. It might be a good way to help police the content without making people volunteer to be full on mods. And it can be treated as a semi privileged role, that expires are X months and only X number ofnactive users in good standing can have at once?

    A little complex to implement, but it might at least let mods crowdsource the task of stemming the worst of things.


  • Yes.

    They will often display prompts while driving that are on a timer “suggesting” route changes or alternates and auto selecting yes.

    To abbreviate massively and not dox myself, this caused me serious financial harm as a road trip rerouted onto roads unsafe for my vehicle.

    I loathe Google and many tech companies for their sheer and ardent refusal to have proper customer service, or any method of customer feedback. A/B testing will never tell you that the top navigation directions should focus on the major high numbers and road names, not what road segment you are on. I need to know what lane to be in for my next turn in 5 miles, not how many times I will fade merge between segements only to have you finally tell me the lane when I’m a quarter mile away.

    Google Maps is fucking awful in so many ways that are inexcusable, and worst of all they were allowed to fucking buy more of their competitors. Right now Magic Earth is a distant also ran in this field, and due to Google’s massive proprietary features always will be without support.

    And I haven’t even mentioned how my map results are plastered with promoted ads and locations. Which is just useless and infuriating when I am searching for a specific placename.




  • KeePassXC you would put the sync-file itself into syncthing or something, and then KPXC would resolve changes between the sync file back to the main vault. I don’t use this method directly so I might be incorrect on the details, but it is possible to setup in a device to device manner.

    You keep saying external server for syncthing, but again: syncthing does direct data transfers, encrypted end to end, between devices. It does not use cloud hosting or servers. It has the equivalent of a 90s FPS matchmaking lobby, so you can find your own devices latest IP.

    You register the devices with each other with their generated ID codes. Then you ask the matchmaking server when it last saw that alias. It gives you the last IP that checked in with that unique alias. It then contacts that OP, and performs a handshake. If it passes, your two devices can now sync directly. The matchmaking relay has 0 data of yours, and 0 ability to associate your unique ID with a name, hardware, or anything other than a last seen IP. When on the same LAN, devices don’t even query the matchmaking relay if you don’t want. It’s totally offline.

    If you elect to, you can allow relays to let you tunnel of you have NAT issues, and your end to end encrypted data can be synced through a relay. In those cases then yes, you are extending a bare minimum trust, and you fully encrypted data would temporarily pass on the relay’s RAM. If this makes you paranoid, you can easily add a password to the sync folder itself, encrypting it unless another user inputs the password on the other end. Adding another layer if you wanted.

    I just get nothing from Bitwarden that syncthing and KeePass don’t offer more easily. Syncthing works for tons of devices and other purposes as well, preventing to host a password sharing only tool, and just letting you use a direvy device to device sync tool. I don’t know how or why you would have vault conflicts, but it really does sound like something fixable. Running this for years and I’ve never run into it.


  • This is one of the rare cases where I believe security through obscurity applies.

    What is the most ripe attack target: the password hosting service with millions of user credentials, or literally some random IP address using syncthing that could be sending literally anything that you don’t know is passwords or porn.

    Companies like Bitwarden and 1Password and LastPass are doomed to have failures, just like any major corporation. They are too big with too much attack surface, and clearly advertise that they have stuff worth stealing.

    Me? My KeePass vault is synced via Syncthing with no relay data, so it only ever exists on my phone and desktop, and is encrypted with what is today functionally unbreakable encryption. Today at least (RIP when quantum chips get good).

    And my data is a blade of grass in a field. Sure there is a narrow chance someone snooping on my entire geographic area and stealing packets like the FBI could grab some packets in transmission. But they show nothing, and mean nothing. And the FBI has easier ways to get our data anyways.

    Point is, I’d rather take my odds as a heavily encrypted file syncs between singular devices like a drop of water in the ocean, versus putting all my diamonds in Joe’s Diamond Emporium and just hoping no one decides to steal MY diamonds when it (inevitably) gets robbed.


  • In this circumstance, you can turn on simple versioning for the password vault. It will keep both vault copies and you can merge your changes together manually in the event this happens, no loss of data.

    For mobile I just give syncthing full permission to run in the background and have never had issues with the syncing on the folders I designate. Not saying it doesn’t happen, but I believe this can be solved.

    However KeePassXC’s sync feature does sync the vault.

    Syncthing does not have a server. The relay only serves to match your current client (device A) with the IP of your other client (device B). Nothing else passes through it unless you opt into using relaying in case you have NAT issues.

    If you are paranoid, the software is open source and you can host your own relays privately, but again, it is similar to a matchmaking service, not data transfer.

    Syncthing is a direct device to device transfer. No server in the middle unless you want it.

    https://docs.syncthing.net/users/relaying.html