3·
6 months agoFinally! I had tried using the clunky torsocks not long ago and wondered why there was no namespace based solution yet. Glad to see this getting released, it will help many people. Tor ❤️
tmpod
- 0 Posts
- 4 Comments
Joined 4 years ago
Cake day: September 10th, 2021
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
This is quite misleading and frankly low effort. Besides the readability issues, the chart makes a clear distinction between Proton Pass and Bitwarden when it comes to privacy, citing their privacy policy.
As it happens, however, Proton’s server code is closed, unaudited[1] and not distributed, and the apps (web, Android and iOS) do not support setting different homeservers. This effectively means you cannot self-host your password manager and must be “locked” to Proton for what I consider to be one of the most fundamental and important pieces of technology a person can use.
Bitwarden, however, has opened their official C# server, their internal Rust SDK and the apps themselves too. Furthermore, they have several guides on how to self-host your own personal server, and have implemented settings in their apps to change the homeserver. There’s even an unofficial server, vaultwarden that is even better tailored for small, personal deployments.
All this to say: the fact they may collect some usage data on their website is very insignificant for their offering, in my opinion. The real value is in providing a secure vault that only the user can manage. If you need better privacy and/or anonymity, you should use tools specialized for that anyway, instead of blindly trusting a third-party’s Privacy Policy, no matter who they are. But then again, it’s the old game of threat models.
Ultimately, Bitwarden inspires more confidence than Proton, by giving those you can and want the ability to truly own their secrets.
As far as I’m aware, there’s only this audit by Cure53, in which they performed a white-box pen test on the API, with only its documentation provided, no code whatsoever. These audits are important from a cybersecurity point of view, but security is not the same as privacy and should not be taken as such. ↩︎
This is a good suggestion. Docker is more mature and has more resources, so it’s better to learn the ins and outs of containers. After getting comfortable with it, you can move to Podman and have a much better time tackling its peculiarities regarding permissions and rootless.
I used Docker for years and only recently decided to give Podman a try, porting my Lemmy instance to it.
Mullvad Browser isn’t bullet proof, it will not prevent fingerprinting entirely, though it makes it less reliable, especially if it isn’t sophisticated.