  • Jul (they/she)@piefed.blahaj.zone to Privacy@lemmy.ml · How to use AI? · 11 days ago

    LLMs have uses, some of them are even quite intriguing. But they have to be properly trained. You can’t just throw the whole internet at a baby with very little other training and expect them to not be corrupted by random wrong information. Same goes for LLMs though on a much larger scale. Also, they are often configured to give an answer even when the confidence in it being correct is relatively low. Something an expert would never do, they’d consult only specialized information, not just review the top search results on Google. This is one reason why they “hallucinate”. Commercially trained models just aren’t all that useful as a source of information or to correctly complete tasks. And additionally there are extreme ethical concerns about how it gets the information it’s trained on including using hacking botnets to impersonate a human among other things. A person who’s an expert has to review everything in excruciating detail and so most of the time it’s just more cost effective to just consult an expert in the first place. It’s like going to a proverbial used car salesman and asking how cars work. Sure they might have picked up a fair amount of information from being around mechanics, but some of it is wrong and what they don’t know they’ll just make something up that sounds mostly plausible.


  • Yeah, email isn’t private, but for me it’s usually that I don’t like my host reading all of my mail to build a profile on me and selling that data. Individual emails in isolation aren’t a big deal, but seeing every email and what company or agency sent it is as problematic as the content even if you encrypt the mail content itself. Emails that I send I always assume are not private, but that’s a separate issue, IMHO. There’s a lot of private information like what protected classes I am part of, political leanings, places I shop, etc., that can be gathered simply from who sends mail to you and who you send mail to. This is why I self host for most of my email.

    That being said I still use gmail as I need a backup option and I use it for things where I don’t want the junk sender to know my domain and spam all of my accounts.

    But Proton is really not much more private than Google in several scenarios given their CEO’s stance on several sensitive subjects and willingness to give data on protected classes, journalists, etc., to hostile governments, as an example. They do say they don’t sell your data to ad companies, at least. I don’t know Fastmail at all. And self-hosting is not something I’d recommend if you don’t want to put a lot of time and effort into it. Lots of issues come up like blacklisted VPS IP addresses in addition to the setup itself.







  • Mostly interacting with other people in-person. I left most corporate social media and lost access to Meta explicitly due to a conflict around my viewpoints on what constitutes hate speech against trans people (hint: saying it’s a sickness that needs curing and that justifies cure by torture, e.g. conversion therapy, is hate speech). But I lost access to a really active Buy Nothing group in my neighborhood that’s on Facebook as well as several groups that only post their in-person events on Facebook. Really sucks that Meta locked us out not for violating a rule, and thus with no possible appeal, but assumedly because they were surveilling their platform and excluding people who argued against their stance. Or at least that’s the best guess that those who were blocked have for why.

    Also, I have been losing a lot of home automation from Nest devices because Alphabet bought them and has decided to force allowing access to data for “AI” training and “law enforcement”/government surveillance. If I could keep the data local, I would still be able to use the devices with Home Assistant, but they only allow using their servers.





  • Yeah, there’s still a risk if you’re exposing the encrypted passwords. For example there is still some risk that governments have backdoors in some kinds of encryption, which of course means other malicious actors do as well. And there’s still brute forcing which is mitigated with a webserver layer in front of the raw data.

    But there are lots of existing applications for that like KeePass and its forks. Vaultwarden is more about the web services front end to the data than the data storage itself. And a web service benefits from a relational database over a flat file.



  • It uses a database and it’s totally possible to use SQLite as the database and sync that elsewhere. You could then find or make a small client that just accesses that db directly rather than a web service, I suppose. Though there are already several apps out there that store passwords locally and their data files can be synced, if that’s what you want.

    But if you’re doing that then you may not be using this in the most common way or may not understand the risk involved. This is likely to have every one of your logins, not just a single login that may or may not be used on other sites, but the specific username and password and which site it’s associated with. In addition to access to those accounts, this links all of your accounts to a single identity which companies spend billions to do with advertising IDs, cookies, embedded scripts, and lots of other, usually shady, practices. This is a gold mine, though usually only for one or a few users, so generally not a major target unless you’re being targeted personally for some reason. So, even if they don’t get the passwords, they’ve now linked every account you have on every site to your identity.

    If you are allowing the database to be relatively easily obtained by syncing it to a central location accessible over the internet, a bad actor who gets it can even take their time brute forcing any encryption that may be present in the database, but if you don’t keep encryption keys only on your local device because you want to be able to use it elsewhere, then you probably stored the keys along with the db and they don’t even have to bother with that, or if it uses password based encryption, they just have to guess or brute-force a single password.

    If it’s behind a properly secured web service, then even if they find an exploit in the server software, they likely have to do many queries over time to get much data and the server can mitigate that risk and/or alert the owner about new logins and such. A database in the hands of the bad actor can’t complain about too many attempts to access it or notify anyone that it’s been copied.

    So, IMHO, it’s a bad idea to use synced local password managers unless you have a very robustly secure way of storing the database and the encryption keys.



  • Vaultwarden will survive. Since the client is open source, once they close the API and break compatibility of the clients with Vaultwarden, the old version of the app can simply be forked and rebranded. I also do hope that the KeyGuard app will continue to support Vaultwarden as well since if Bitwarden closes the API and makes a breaking change, as is likely to happen, it will break KeyGuard as well, but it will still work with Vaultwarden for some time.

    The real issue is that many people who are using Bitwarden aren’t savvy enough to host Vaultwarden in a secure way. Many people are careless with things like secret keys and such and don’t know how to properly secure a web facing app or a VPN into their local network. But anyone who self hosts should learn those things anyway. This one just happens to be a particularly high risk since it contains all of your passwords for everything else.


  • Jul (they/she)@piefed.blahaj.zone to Privacy@lemmy.ml · google voice · 28 days ago

    Guessing this is for getting a new phone number? They had stopped giving them outside of Fi for a while. Are they allowing new accounts again? I wonder if with Alphabet’s continuing expansion of cooperation with law enforcement and governments, this is something that those agencies requested in order to link your call data and recordings to your identity when they tap your calls. Google Voice has never been private.