pootriarch

i'd never heard of this concept! i have a disorganized stack of markdown files - notes, to-do and packing lists - that this looks ideal to tame

this is true. having said that - i follow a peertube-based french outfit called blast (can't speak french, just look at the pictures). if i go to a different site (peertube.stream, liberta.vip) and look at a video, the streams are coming off video.blast-info.fr.

there's no question video is a huge resource suck, and that nobody would want to host a lot of other people's videos. i just wonder, if the model is federated indexes but owner-hosted video, i wonder if there's a use case that can work at scale.

i have found this to be a useful comparison. they stress that the results are not necessarily in order - but everyone has their own desires, and it's easy to hold them up against this summary

https://restoreprivacy.com/email/secure/

i haven't tried to go back. that was probably a year ago that it broke, and the dev response was that they didn't like samsung's code and thought it was a bad idea to try to work around it. issue is still open

https://github.com/Kunzisoft/KeePassDX/issues/1269#issuecomment-1075449893

Honestly, not being able to reproduce the problem, I don't feel like going blind when it's clearly a problem in the OS. I need an AES symmetric key and if I have to go through certificates and RSA asymmetric keys to workaround this issue, it changes the workflow and requires key invalidations, etc... I really don't know what to do except ask Samsung to implement a proper Keystore.

i used enpass for a long time; when i first got it, it was the only one that supported putting your store in someone else's cloud, not theirs, and that supported windows phone(!)

obvs time has passed; 'other people's clouds' is common and winphone is long since being a thing

putting a different rom on a samsung is something they don't allow. not to say it can't be done, but it's above my pay grade. eventually i'll get a different phone.

i disabled a bunch of stuff using adb and pm uninstall -k --user 0 package. i won't list it all here unless someone asks - everyone's list will be different, and just disabling things willy-nilly can break stuff.

i have nextdns (a paid service). this is configured as the phone's private dns provider.

• my router intercepts all unencrypted dns, to any address, and handles it using nextdns.
• my router rejects all traffic to 8.8.8.8 and 8.8.4.4, which are the google servers most commonly used by bad actors to bypass restrictive dns.

i haven't checked lately for suspicious connections to other dns providers. i think cloudflare and quad9 may have similarly obvious ip addresses for dns that should be blocked.

my nextdns config rejects the samsung-related domains below explicitly, and has the 'native samsung tracker' enabled also.

• *.gos-gsp.io
• *.hiyaapi.com
• *.ospserver.net
• *.picks.my
• *.samqaicongen.com
• *.atlas.samsung.com
• *.dqa.samsung.com
• *.mcsvc.samsung.com
• *.samsungapps.com
• *.samsungdm.com
• *.samsungknox.com
• *.samsungrs.com
• *.samsungcloud.com
• *.samsungosp.com
• *.samsungvisioncloud.com

on android, i have three.

• the default browser is an f-droid rarity called 'privacy browser'. it is configured to allow scripting but reject practically everything else (storage, cookies). this will break lots of things, but i feel safer with this as the initial offer. it's wired to a searxng instance for search. i have a personal hosted homepage that it uses for home.
• if i am opening something myself, i use an app shortcut that opens my home page on mull. mull itself doesn't believe in home pages, so i have to use a shortcut. it uses a searxng instance for search. it's configured to discard all data on quit. if something breaks on privacy browser, i share it into mull.
• for sites in which i need a persistent login, i use duckduckgo browser, again with an app shortcut since it doesn't believe in home pages. i don't open links in ddg, instead sharing them to one of the other two. i don't search here since you can only use ddg.

on desktop (all platforms), i use brave with a lot of stuff turned off, homed normally and pointed to the same search instance. i have cookie autodelete to burn cookies as i browse. i spend a lot of time manually deleting local storage.

i don't love this flow. what i really would like is one browser that would:

• load my home page when i click its icon
• burn all cookies and local storage on exit, except from domains i designate

i haven't found an answer for that yet, would love ideas.

i have previously used and discarded, for various reasons: vivaldi, firefox, firefox focus, chromium, librewolf. i carry some of these for occasional use, either for 'let it through' or 'fuzz all the things' threat models.

people slag me off for putting my totp codes into keepass, they say it's less secure. i care only about not being able to replay. if someone got into my password manager, it's game over in so many more ways than a couple of totp configs

the keepassxc ssh-agent is an absolute lifesaver

the one thing after playing with simplex, the 'no central id' is excellent for absolute privacy and they've implemented it a clever way. that id does let me resume a conversation between desktop and phone, using signal or xmpp. if it's possible with simplex i think i'd have to make a group (and that's only mobile to mobile, as simplex looks mobile-only)

il existe uk casual… un communauté apparemment sans actu, on pense à qqc comme ça ?

very high level, you should at least read up and consider it. the amount of attempted telemetry coming off our windows laptop is probably 5x our mac laptop. there's a ton of variables in config, so i say 5x not as something scientific, but woah, half an order of magnitude.

this is desktop - no iphone here so can't speak to that, but suspect much less difference