And now I understand why that weirdo was so hellbent on the corporations of the world supporting this

I can’t speak to their Password Management as I use Bitwarden for that

But I am slowly but surely migrating myself away from gmail to (my own email at my own domain routed to) Proton. The webmail is very much comparable to gmail and, if you communicate with like minded people, it has decent support for signing and even encrypting email both to other proton mail users as well as to complete randos with just a password that you can send later. My only real complaint is that (… for some really good reasons) there is no easy to use exchange server and I need to run their mail bridge to use a desktop client like Thunderbird to send and maanage and (one day) back up emails.

VPN? I switched over to this around the same time I decided I wanted to “take control” of my email and it works pretty well. Very easy to get some openvpn credentials that I can plug into whatever setup I want. And no extra fee for port forwarding unlike SOME providers. That said, my main complaint is that the port is semi-randomized which doesn’t play the nicest with my totally legit linux iso torrenting setup… But a quick docker ps and docker logs and then updating the config is pretty trivial and I only have to do it maybe once a week?

The big elephant in the room is that, as you rightfully understand, you are still putting a LOT of trust. But that is actually why I like Proton. Because other companies pretend they are going to knife fight the CIA and the US Government on your behalf all while actively not acknowledging anything until we get a post mortem. Proton are VERY open about just how far they are willing to go to protect you (not very) and what YOU can do to mean that Proton can’t provide much useful information once the appropriate paperwork and legal actions have been filed.

I wouldn’t trust a paid account with anything more sensitive than what really innovative stuff a friend did with a bun in the dumpster behind the Wendy’s the other night. But, hypothetically, if I needed to send an anonymous email? Third party VPN/Tor, clean hardware, and a free Protonmail account works great and I do trust Proton to give the absolute bare minimum in that case.

And just for a bit of context. My “grand plan” is to migrate the vast majority of my correspondence and accounts to email addresses tied to one or more of my own domains. Currently I plan to use Protonmail for the mail server because I don’t want that smoke. But the point is that I control the email address so I can get my Heat on and walk away in 30 seconds (actually more like a few hours but…).

Which is why the other aspect of that is that I want to back up the emails I actually want to save (rather than just EVERYTHING like those of us with older gmail accounts do) via a local client that I then archive to an encrypted volume on my NAS and (REDACTED) after that.

Not sure if google is particularly different but the way this works for the other services is basically low energy bluetooth scanning coupled with the phones providing their location*. So basically all the devices on that scanning/spy network periodically ping/listen for nearby devices/trackers. When it finds one, it sends a quick message to the servers with that phone’s location and the ID of the tracker. Get enough of those pings and you can triangulate the position of the tracker pretty precisely.

Which… is why this fundamentally does not work with “hacker” solutions that allegedly emphasize privacy. Because you just don’t have enough devices listening. This was painfully obvious with tile back in the day and is still an issue with Samsung in some countries.

*: Via a combination of gps, cell tower, and wifi network scanning. The less obvious part of that being wifi networks which is the majority of how interior positioning works.

I mean… bluetooth is literally broadcasting your position (sort of/it depends on the implementation). It is not at all a stretch that you should turn that off if you care about privacy. Same with not scanning for what wifi networks are available or even pinging GPS satellites (because that leaves a log). Hell… cell tower logs are a treat for cops/TLAs for a reason.

Aside from that? Good for you. If you actually follow through on that I can respect it. My point is more that this particular solution seems like the worst of all worlds.

Either you are demolishing your battery with regular phone homes to a server you hopefully control or you are relying on a push via SMS and the hope that you lose your phone somewhere you havea reception. And you still only have YOUR phone and YOUR network to track it which has significant drawbacks if you travel.

If people truly change their lives and focus on it, you can do a lot. But it does not take much, at all, to become compromised to one degree or another and people vastly underestimate the amount of redundancy. Or even the impact of a sibling or partner or even friend.

Instead, the common case is people will tweak one small aspect and think that does anything other than inconvenience them. Or, worse, they’ll watch a youtube and decide to put EVERYTHING through their vpn which… defeats the purpose because they are still one easily collated set of profiles/cookies that can trivially reveal that “Fred Smith in Afghanistan” is really “Fred Smith in North Carolina”

Which is why my approach is that there is data I very much want to protect and data I know I can’t. So I focus on understanding the former while doing what I can with the latter.

And something like this? There are probably specific niche use cases for this. But it is a product/service that fundamentally requires aggregated data. And, depending on the implementation, it is going to fuck with your battery hard.

I guess. But it is really going to depend on where you live and just how frequently it does dial home.

My personal use for these networks is luggage tags. But a friend lost her phone on a hike a few years back and the find my phone stuff was more or less useless due to poor reception and ever dwindling battery.

The real benefit is the low energy bluetooth magic and OTHER devices to do the phoning home. Because maybe I have shit reception but someone hiking a hundred feet away has good reception and updates the ping.

Took a bit to figure out what it was even claiming to do

When enabled your phone constantly sends e2e encrypted your location to the server where you can than access it from a webbrowser.

God no. Just take a hatchet to my battery and be done with it.

Also: Until a month or two ago, sure. But google finally got their shit together-ish and set up a tracking network the same as apple and samsung. And that is what you are sacrificing your privacy for. Yes, you give Big Tech tracking information… that they already have. In exchange you can actually have peace of mind of knowing your luggage is in the same airport or even where you parked. And you can’t really self-host a crowd-sourced network.

Video length is incredibly important to The Algorithm and a LOT of content creators time their videos to the second. Taking away control of that (even if the end result ins the exact same length) is going to ruffle a lot of feathers and lead to a lot of people who want to “be a champion for the viewers who should like, comment, and subscribe and use my referral code for war thunder” as a result.

It was inevitable (and is arguably the “logical” extension of sponsor segments).

As for what it will do to timestamps: The same thing it does to timestamps in podcasts. Some podcast players have a special way to tag the timestamp to adjust with the inserted ads but NOBODY hosts with those. So they are rendered useless.

On the youtube side? They could potentially be auto-adjusted because youtube will know how many ads were inserted . But considering the goal of this is to serve ads…

I guess I am not getting it.

If you can access your files, you can copy your files. If the concern is that you only know how to connect from a full PC, consider plugging a laptop into the switch (or even just set up a VM).

Hard to give much more help without knowing your actual setup. But one nasty solution is to ssh into the server then connect to the running container (or mount the same storage into a different one) if there are some shenanigans going on there.

But yeah. My general rule of thumb is that if something needs to outlive the life of a container then it is being stored on the local filesystem or a zfs/ceph pool.

Really depends on your current tool so RTFM on that.

But when you are activating it in your account? There is a QR code you are supposed to scan. And there is almost always a button like “Having trouble?” or “Show TOTP Key” or whatever. Click that and you get a long alphanumeric string instead. Paste that into the TOTP field for Bitwarden (or Keepass or whatever) and it will generate codes for you.

Once or twice I have had to actually use my phone camera to decode the QR code so that I can manually type in the TOTP code/seed, but I think the last time I did that was in like 2020?

There is.

2FA. No, not the fucking “we’ll send you an SMS” bullshit that is increasingly used to just highlight an active phone number for spam purposes. Proper TOTP with the code backed up to a proper service (bare minimum, Bitwarden)

Someone can steal your password and even your email account (unless you TOTP that too…). They still can’t get into your account unless you are an idiot who gets tricked into providing the 2FA key.

In a perfect world? Have your TOTP credentials in one encrypted database/Bitwarden account and your passwords in another. In reality? Just use a trusted service. I used to be a big fan of Keepass but protecting that with a yubikey (or similar) is a huge mess.

The recent push for passkeys (?) is a nice-ish middle ground. People don’t need to understand how to paste a TOTP code into Bitwarden but they still need to approve a login. That said, I hate it since so much of it is dependent on a single device that can generally be opened by just applying REDACTED to the screen and doing REDACTED to narrow down the lock code significantly.

I mean… It would be nice if they put a nicer message there. But I mostly agree with that.

Look up how people social engineer their way into apple accounts and so forth. The more you put the burden on a (perpetually) underpaid CSR the easier it is to steal an account, Spin a sob story and then harass the CSR until they just reset your password so you will go away. Except there is no guarantee that is YOUR password and now we have yet another stolen account.

Not sure if they had a third party manage it for them (there has been a LONG history of super vague “secret” dealings) but it was for their kickstarter rewards through backerkit or whatever. So the same survey you get asking how many extra books you want to buy or whatever.

King under the Mountain always rubbed me wrong. They hit right at the tail end of “wow. kickstarter is awesome” and right before people realized how many DF-like colony sims there actually were. And then their kickstarter survey, for a key with no add-ons, required an insane amount of personal information. I think they claimed it was for VAT but saw a few “ask a lawyer” threads that pointed out that was nonsense and could have been done with a checkbox.

And the super duper secret publisher right around the time interest was spiking because of DF-GUI was more than a bit sketchy

I dunno. I know that it is hell out there for indie devs (not so much in 2021/2022 but…) but all that combined with the game never feeling like more than a “unity school project” REALLY raises a massive number of red flags. Probably just a single kid in over their head and trying to act like a “real” studio but… yeah.

Still, good to see it was released as open source and here is hoping the fanbase that glommed onto this can carry it forward.

Ventoy is a tool I want to use and that would regularly fix issues when I am simultaneously provisioning and diagnosing a system.

But it feels like it breaks if you even look at it in an unexpected manner or if any distro updates at all.

So end result is it works once or twice and then I need to reformat the stick to pop on mint or debian server or whatever anyway.

I selfhost my own nextcloud for notes and documents that I would like on my phone but not via google.

It is not a google docs/gmail/whatever replacement. They’ve spent the past few years hardening it and pushing for all the hallmarks of enterprise first software (e.g. making it a complete fustercluck to not have a proper domain name) but you still have stability and performance issues and the occasional upgrade issue that fucks up everything

I would also point out that if you aren’t selfhosting, what are you actually getting out of this? You are just spreading your data out to other companies who are often less transparent about how they monetize you.

If there hadn’t already been a court ruling-ish (it is complicated) giving Nintendo the “right” to do this? Sure

As it stands? It very well could be an intern filling out a word document

You don’t need a lawyer to file a DMCA request. You just need to be ready to get one if someone disputes it.

And Nintendo almost definitely have lawyers on retainer, if not in house. The added cost of this is the effort it takes to search github for “uzu” and send an email.

It is almost a zero cost. They already have the legal-ish ruling. It is just filling out a form letter and sending it out.