You can turn off exif data in your phone settings if you don't want it at all (most private). Or you can keep it on and use an exif eraser app before sharing online. Up to you. But yes, I also think it should be set to off by default
it appears these random calls (going on for 3 hours+ now) are combined with some sort of DDoS attack as well. admins are on the scene trying to stop the shenanigans
it appears to be another unfortunate exploit of matrix's leaky implementation of e2ee...i guess we'll find out soon enough
sooo thankful for #SimpleX, it's still young but i expect it to be a signal and matrix killer sooner than later
always said i wanted to try #longbranch, the whisky #matthewmcconaughey put his name on sometime...tonight became, sometime
something weird is going on in the official matrix HQ chatroom. it appears someone with admin privileges is spam calling the entire room (all 45k people). it's either a bug, a rogue admin, or a hacker. my guess is the latter. will update
https://matrix.to/#/!OGEhHVWSdvArJzumhm:matrix.org?via=matrix.org&via=libera.chat&via=envs.net
calls appear to be coming from different users though at least one of these users has just posted to the room insisting that it wasn't them...the plot thickens
thx nostr:npub1z8gtve683pa6nfknfv37kvfgwd6tgkc6rvtpatz5evvrc5lqpmmszk36vw, nostr:npub1de6l09erjl9r990q7n9ql0rwh8x8n059ht7a267n0q3qe28wua8q20q0sd Great choice. You are in good company. #GrapheneOS is the only mobile OS I trust and recommend at this point. Solid community, amazing developer. your question is pretty open. yes, I have tips depending on your threat model. feel free to ask specific questions and i'm happy to help as time permits
dom0 is a xen hypervisor on bare metal that never touches the internet.
In addition to your qubevms (fedora, debian, whonix etc) you also have a sysusb qube and a sysnet qube, the sysnet qube can be copied with each sysnet qube routed to different appvms (one without a vpn installed, one for country a, b, c etc).
since these qubes can run simultaneously, you can be connected to multiple vpns at the same time. You could also configure a proxy vpn as a vpn gateway. It's up to your use case. you can even spin up disposable appvms based on templates, or disposable sysnet qubes.
There's a default qube called vault where only your passwords and sensitive files can be stored. it is essentially airgapped. Cool stuff, indeed. Honestly can't imagine using anything else rn
She's doing well, thanks. I've been getting her acclimated to her crate and playing loud airplane engine sounds twice a day to get her prepared for the long journey back to the US
Everything depends on your threat model. In short, yes...it will greatly enhance your security...especially from remote attacks.
YubiKeys are not perfect, they're just tools and must be used in conjunction with good InfoSec practices. I highly recommend the ones from the 5 series.
If someone has physical access to your device it is almost certain they will be able to hack it given enough time and money. All we can really do is make it harder...take more time, cost more money.
In response to the subpoena topic, if you can remember your password, chances are it's easier to hack and you are not creating unique hard to crack passwords for all of your accounts.
YubiKey can be used with password managers like Bitwarden and KeePass to add another layer of security.
One setup could look like this:
Bitwarden 2-step auth with YubiKey or KeePass with OTP challenge response enabled on YubiKey.
Aegis (Android) or Raivo OTP (iOS) can be installed on a separate device (only used for mission critical accounts) with its recovery code secured in Bitwarden or KeePass + YubiKey.
...or you can print out the qr code and delete it from your device or store it offline on an encrypted usb device and only use it when necessary behind a vpn through a socks proxy over tor etc.
One of the YubiKey's (Hardware Key's) main advantages is that it protects against man in the middle attacks. It's also a phishing-resistant MFA that makes it more difficult to remotely hack since it requires physical touch.
Hardware keys can also be used to add another layer of security on mobile via usb-c (better) or nfc if no port is available.
On the topic of backup methods for recovering an account if the YubiKey is lost or not present. As the op said, many services (not google) allow for other backup authentication methods.
I submit that this does not invalidate the usefulness of a hardware key.
YubiKey adoption is gaining more traction. The idea is to be mindful of which backup authentication you enable once you set up your YubiKey and make sure you have a min of 3 YubiKey backups.
Depending on your threat model, this could be one that stays plugged in to your laptop, one on a keychain, and one in an offsite location. Again, if someone has physical access to your device, it's just a matter of time and money.
Where it is available opt for a random recovery phrase as a backup authentication method for mission critical accounts, don't use sms. Store it in a password manager (online or offline) and set up YubiKey 2-step authentication on the PW manager.
If an authenticator app must be used (depending on your threat model), secure it with a pass on a separate device from your main device accessed offline.
Without knowing your specific situation, I can tell you that compartmentalizing your security in ways that don't automatically talk to each other is the goal. An offline hardware key significantly helps perform this function.
TLDR; Yes, they are absolutely worth it, I would say essential, but they are not perfect. They must be used with purpose and in addition to good InfoSec practices. You are better off using a physical hardware key than other 2fa options alone or no 2fa at all.
There's a Yubico quiz to help you choose the right one https://www.yubico.com/quiz/
P.S. Nitrokey's firmware is open-source and is updatable on most new models, unlike the YubiKey.
Sorry for the long reply, but hope this helps
Fs. Happy to share and help in any way I can
I've already learned a lot about a few people (the blocked and the blockers) by looking at their block lists
GM Nostriches!
I started working on a little project a few weeks ago and I'm only getting around to getting it out the door now.
https://listr.lol is a tool to check out your (and others') NIP-51 lists on Nostr. I'm going to make it easy to update your lists very soon. The idea is that over time this will be an interesting place to browse other people's curated lists of people, notes, and more.
If you're of my vintage, you might remember Del.icio.us - this is a bit like that.
This is awesome! Thx #[1]
