#OpsecTuesdays I'm opening up a microconsulting service on nostr.
For a 21 zap to this note, you can describe some security setup you use and I'll tell you why you're doing it wrong. No refunds, except when your setup is perfect!
Discussion
This is great! Do we put the setup in the Zap description?
You can DM or comment here if there are no privacy implications and you feel comfortable
CIA hackers are really getting lazy. Find my mistakes yourself fedboy. 🤣
Don't worry Bob, we already have a special file just for you 😉
I'd be insulted if you didn't. Although, leaking my real name proves my point in our other conversion about each new holder of your info is a potential source of a leak to that data becoming public.
how about upload keepass's kdbx files to google drive?
* Passphrase might be weak
* Google has it forever, and encryption tends to get outdated and weaker over time. In some years they might easily unencrypt it
* Someone can force you/trick you to unencrypt it. If they don't even have the DB, it's one extra step.
* Privacy and metadata leaks from using a google service
Hit me. I use syncthing on default settongs to sync my photos from my CalyxOS phone to my Linux PC. No need for central cloud storage service.
With default settings you are using syncthing's default Discovery Server for peer discovery and NAT transversal.
Using it will leak network metadata to syncthing org.
You would be better off Disabling NAT transversal and Global Discovery and just syncing on your local discovery. It will only work on your LAN but the tradeoff is worth it IMO.
DD-WRT router and then using it to connect to vpn with killswitch
- DD-WRT
+ openWRT
Other than that is as good as it can get.
* Use a wireguard VPN
* Have your own personal VPN that connects to your router at home so that you can use the external VPN while away.
* VPN can only get you so far. Use Tor whenever possible, specially for low brandwidth tasks.