I don’t know about others, but I was a little put off by the mention of “password managers” in the beginning since that’s handing over the keys of your privacy to external powers. This hurt my expectations of the rest of the essay. It might be good, but I don’t think it could teach me anything new. By the way, at first I thought reading your essay would cost money. You might want to reword the tier list.
I also don’t like the political tone, as the examples aren’t general enough that readers from any country would agree with it; it seems to assume that the reader is an American liberal who cares deeply about recent issues and has similar values to yourself. The assumptions are also wrong—low threat level if you support Trump? Try asking 8chan users if they think the government is on their side.
Your guide recommends Brave—do you know that Brave uses Google and Cloudflare and that it has built-in telemetry? To anyone who valued their privacy on the internet 15 years ago, modern privacy-focused software is a joke. There are also more advanced topics you might want to research, like using software to rewrite one’s messages to get rid of one’s personal ‘fingerprint’. If somebody’s grammar is wrong, the manner in which it’s wrong can hint at their country of origin. Do you know of that one famous GeoGuessr guy? What he’s doing is possible with more than just locations.
You fundamentally misunderstand the nature of Bitwarden password management. Bitwarden is zero-knowledge end-to-end encrypted:
Bitwarden encrypts all of the information in your Vault, including the websites you visit, even the names of your individual items and folders. We use the term zero knowledge encryption because only you retain the keys to your Vault, and the entirety of your vault is encrypted. Bitwarden cannot see your passwords, your websites, or anything else that you put in your Vault. Bitwarden also does not know your Master Password. So take good care of it, because if it gets lost, the Bitwarden team cannot recover it for you.
They are also open source and regularly audited. You can also self-host.
Bitwarden does seem more local than I initially assumed. I modeled it as trusting another entity with one’s master key. Ideally, all reliance on external services shouldn’t require you to trust them; it should be mathematically impossible for them to betray you by design. A purely mechanical lock, for instance, cannot be hacked remotely. Self-hosting is superior to trusting other services, and the open source nature reduces the chance that it’s backdoored by quite a lot.
Mathematically, if I have one unique password that nobody else knows or can know (because it’s never used on any websites), and I use that to generate other passwords in an irreversible manner, then I can get away with remembering just one password, while still using hundreds of unique passwords on different websites. This might be what Bitwarden does, in which case the only causes of concern left are hardware backdoors and quantum computers. Doesn’t get much better than that.
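The scheme the comment above describes (one master secret, never typed into a website, from which per-site passwords are derived one-way) is a deterministic password generator. As an added example, not code from the original thread or from Bitwarden, here is a minimal version in Python: PBKDF2 turns the master secret into a key, and HMAC-SHA256 keyed with that key turns a site name, username and counter into a password. The master secret, salt, alphabet and iteration count are this example's own choices.

```python
import hashlib
import hmac
import string
import unicodedata

# Constructed example inputs; the "master secret" is never typed into any website.
MASTER_SECRET = "correct horse battery staple 2024"
SALT = b"alice@example.com"  # a per-user salt; the e-mail address is a common choice

# Characters the derived passwords are drawn from (75 symbols).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def derive_master_key(master_secret: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Slow, salted one-way step. This is the only place the master secret is used,
    so an attacker who learns one site password still faces PBKDF2 and HMAC."""
    pw = unicodedata.normalize("NFKC", master_secret).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", pw, salt, iterations, dklen=32)


def site_password(master_key: bytes, site: str, username: str,
                  counter: int = 1, length: int = 20) -> str:
    """Derive one site's password as HMAC-SHA256(master_key, site | user | counter),
    mapped onto ALPHABET with rejection sampling so no character is favoured.
    Bumping `counter` is how a single site's password gets rotated."""
    info = f"{site.lower()}\x00{username}\x00{counter}".encode("utf-8")
    chars = []
    block = 0
    limit = 256 - (256 % len(ALPHABET))  # largest multiple of len(ALPHABET) below 256
    while len(chars) < length:
        stream = hmac.new(master_key, info + block.to_bytes(4, "big"), hashlib.sha256).digest()
        for b in stream:
            if b < limit:
                chars.append(ALPHABET[b % len(ALPHABET)])
                if len(chars) == length:
                    break
        block += 1
    return "".join(chars)


if __name__ == "__main__":
    mk = derive_master_key(MASTER_SECRET, SALT)
    for site in ("example.com", "bank.example", "forum.example"):
        print(site, site_password(mk, site, "alice"))
```

Two practical caveats that a vault-based manager avoids: rotating the master secret changes every derived password at once, and server-assigned secrets such as TOTP seeds or recovery codes cannot be derived and still need to be stored somewhere.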
I don’t know about others, but I was a little put off by the mention of “password managers” in the beginning since that’s handing over the keys of your privacy to external powers.
Password managers are absolutely best practice and have been for at least a decade. Humans can’t remember that many good passwords, which means that the alternative to a password manager is basically always password reuse, which is insane. I will admit that I use KeePass variants, and that I myself wouldn’t recommend any password manager (or much of anything else) with a cloud component, but some password manager is necessary. You can also use many of them for 2FA tokens.
Brave uses Google and Cloudflare and that it has built-in telemetry
I don’t use Brave either, and don’t know specifically what it uses Google or Cloudflare for… but an awful lot of the Web goes through Cloudflare nowadays regardless of your browser, and unless you’ve added a bunch of technical and easy-to-screw-up stuff, probably at least as high a proportion will cause your browser to download stuff from Google (and other places) at every visit, allowing them to track at least what “major” sites you’re hitting. Ad tracking is definitely a big deal, and the guide doesn’t address it, but browser choice is kind of down in the noise unless you’re going to go all the way and resort to Tor plus a whole bunch of this and that blockers.
using software to rewrite one’s messages to get rid of one’s personal ‘fingerprint’
The problem is that such software isn’t very widely used, may or may not actually remove your “style”, and tends to add its own “style” that makes you stand out as a user of it. And the content of what you say can also give you away. Really the right answer there is not to say anything you don’t need to say, or at least not anything you wouldn’t want to sign your name to, package up with everything else you’ve ever said, and mail to the worst possible people. Or at least not to anybody who doesn’t (a) need to hear it and (b) have the capacity and inclination not to leak it. Which is going to be a pretty short list.
I’d counter that you can in fact memorize ~arbitrarily many good passwords if you:
Use a procedure that generates passwords that are high-entropy but memorable.
A memorability-enhancing improvement on the common “generate N random words” is “generate N random words, then add more words until the passphrase is grammatically correct”. (Important: don’t rearrange or change the initial random words in any way!)
E. g., “lamp naval sunset TV” → “the lamp allows the naval sunset to watch TV”.
This doesn’t reduce entropy, since this is at worst an injective approximately deterministic function of the initial string.[1] But, for me at least, it makes it significantly easier to recall the password (since that makes it “roll off the tongue”).
Use spaced repetition on them. Like, literally put “recall the password for %website%” in an Anki deck. (Obviously don’t put the actual password there! Just create a prompt to periodically remind yourself of it.)
I’m not actually doing that for all my passwords, only for a dozen, for the more important stuff.[2] But I expect this scales pretty well.
Well, technically, this is only approximately injective: the worst case is that adding words to two random sequences would map them to the same phrase. E. g.:
“lamp naval sunset TV” → “the lamp allows the naval sunset to watch TV”
“lamp naval watch TV” → “the lamp allows the naval sunset to watch TV”
But I posit that this would never happen in practice.
I also use KeePass for the rest, synced through ProtonDrive. The fewer cloud services you have to trust, the better.
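The passphrase procedure above (draw N random words, then add glue words without touching the originals) and the footnote's injectivity caveat can both be checked mechanically. As an added example, not code from the original comment, this Python block draws words with the CSPRNG, computes the entropy of the random part, and tests the "don't rearrange or change the initial words" rule as an ordered-subsequence check. The wordlist is a constructed 16-word stand-in; the 7776-word figure refers to the EFF large wordlist.

```python
import math
import secrets

# Constructed mini wordlist for the demo; a real list such as the EFF large
# wordlist has 7776 entries, which is what the entropy figure below assumes.
WORDLIST = ("lamp naval sunset tv harbor quiet marble eleven copper "
            "thistle gondola velvet saddle ember prairie lantern").split()


def random_words(wordlist, n: int) -> list:
    """Draw n words uniformly with the CSPRNG (never random.choice for passwords)."""
    return [secrets.choice(wordlist) for _ in range(n)]


def entropy_bits(wordlist_size: int, n: int) -> float:
    """Entropy of n independent uniform draws; the glue words add nothing to it."""
    return n * math.log2(wordlist_size)


def preserves_seed(seed_words, phrase: str) -> bool:
    """The rule from the comment: the original random words must survive unchanged
    and in order. Checked as an ordered-subsequence test on the phrase's tokens."""
    tokens = iter(phrase.lower().split())
    for word in seed_words:
        word = word.lower()
        for tok in tokens:
            if tok == word:
                break
        else:
            return False
    return True


if __name__ == "__main__":
    seed = random_words(WORDLIST, 4)
    print("seed:", " ".join(seed), f"({entropy_bits(len(WORDLIST), 4):.1f} bits)")
    print("7776-word list, 4 words:", f"{entropy_bits(7776, 4):.1f} bits")
    print(preserves_seed("lamp naval sunset TV".split(),
                         "the lamp allows the naval sunset to watch TV"))
```

Note that the check deliberately passes for both seeds in the footnote, since both "lamp naval sunset TV" and "lamp naval watch TV" are ordered subsequences of the same sentence; that is exactly the collision the footnote describes, and it costs at most a fraction of a bit when the seed words are rare enough not to appear as glue.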
I have more than 200 passwords now I think, and I’m starting to forget some of them. A password manager would probably be ideal if it could run completely locally, so that it’s not an online service, but rather a cryptographic program which uses a master key to generate sub-keys.
There’s an article with some criticism of Brave here. It looks like it’s written by somebody who has been on the internet too long and who doesn’t trust anyone or anything, but that’s exactly what I like about it.
Speaking of which, I don’t like the mindset “Oh well, you can’t avoid all these tech giants, so you might as well give up and let them collect whatever they want”. Almost all “alternative browsers” are just Chromium or Firefox under the hood, and almost all “alternative search engines” are just Google proxies (metasearch engines).
There’s enough information out there to uniquely identify like 95% of users across almost all services, but our footprints are just considered noise; the FBI doesn’t care if somebody downloads a song without paying for it. Now, consider what will happen once AIs can process all of it, and each person can be assigned a “digital FBI agent” to watch over them.
I was a little put off by the mention of “password managers” in the beginning since that’s handing over the keys of your privacy to external powers
Bitwarden encrypts all data on-device with a key derived from your master password. The plaintext of your passwords is never sent to their servers. See their security whitepaper for a good detailed explanation.
Your guide recommends Brave—do you know that Brave uses Google and Cloudflare and that it has built-in telemetry?
The guide also recommends Arkenfox/Librewolf, and there is a checklist on how to disable all optional telemetry in Brave. I’m not really sure what you mean by Brave “using Google and Cloudflare”.
Yes, the appendix of the second article discusses geoguessing. Especially with powerful base models, authorial fingerprinting is concerning but out of scope for most of my readers.
EDIT: Whistleblowers should probably mask their writing, on second thought. Thanks—I’ll add this.
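The "encrypts on-device with a key derived from your master password" point made in this reply is worth seeing as an actual key schedule. The Python block below is an added example, modelled on the structure the Bitwarden whitepaper describes (PBKDF2 over password and lowercased e-mail, an HKDF-stretched key, and a separately derived login hash that the server re-hashes); it is not Bitwarden's code. The HKDF info label, iteration counts and the stand-in cipher are this example's own choices, and the cipher is an HMAC-SHA256 keystream because the Python stdlib has no AES.

```python
import hashlib
import hmac
import os


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256 (the stdlib has no HKDF)."""
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        out += t
        i += 1
    return out[:length]


def client_keys(password: str, email: str, iterations: int = 600_000):
    """Runs on the device. Returns (enc_key, mac_key, auth_hash); only auth_hash
    is ever transmitted to the server."""
    master_key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     email.lower().encode("utf-8"), iterations, dklen=32)
    # Stretch the 32-byte master key into separate encryption and MAC keys.
    stretched = hkdf_expand(master_key, b"vault-keys", 64)  # label is an assumption
    enc_key, mac_key = stretched[:32], stretched[32:]
    # One more one-way step yields the login credential, so the server never
    # sees master_key and cannot derive enc_key from what it receives.
    auth_hash = hashlib.pbkdf2_hmac("sha256", master_key, password.encode("utf-8"),
                                    1, dklen=32)
    return enc_key, mac_key, auth_hash


def server_enroll(auth_hash: bytes, iterations: int = 100_000):
    """The server hashes the received credential again before storing it."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", auth_hash, salt, iterations, dklen=32)


def server_verify(auth_hash: bytes, salt: bytes, stored: bytes,
                  iterations: int = 100_000) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, iterations, dklen=32)
    return hmac.compare_digest(candidate, stored)


def _keystream(enc_key: bytes, iv: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(hmac.new(enc_key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:n]


def encrypt_item(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC of one vault item. Stand-in cipher: HMAC-SHA256 keystream
    in counter mode (the real product uses AES-256-CBC)."""
    iv = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, iv, len(plaintext))))
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def decrypt_item(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, iv + ct, hashlib.sha256).digest(), tag):
        raise ValueError("MAC check failed: wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, iv, len(ct))))


if __name__ == "__main__":
    enc, mac, auth = client_keys("a long master password", "Alice@Example.com")
    salt, stored = server_enroll(auth)            # all the server ever holds
    blob = encrypt_item(enc, mac, b"site=example.com user=alice pw=s3cret")
    print("login ok:", server_verify(auth, salt, stored))
    print("decrypted:", decrypt_item(enc, mac, blob))
```

The property to take away is that the values the server stores (salt, stored) sit two one-way functions past master_key, so a server breach yields nothing that decrypts the vault; the residual trust is in the client code you run, which is why the open-source and self-hosting points in the thread matter.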
I should have been clearer about what I meant here. “It’s possible with more than just locations” means that, just like you can uniquely identify any location on the planet if you can extract enough bits of information out of a picture, one can uniquely identify people if they can find log2(human population) ≈ 33 unique bits of information on them. Gender, for instance, is one bit of information.
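The log2(population) argument above carries through as a short calculation. This Python block is an added example, not part of the original comment: it scores each clue by its surprisal (-log2 of the fraction of candidates sharing it) and narrows a population of 8 billion until fewer than one expected candidate is left. The clue list and every fraction in it are constructed guesses for illustration, not census figures.

```python
import math

WORLD_POPULATION = 8_000_000_000


def bits_to_identify(population: int = WORLD_POPULATION) -> float:
    """log2(population): independent yes/no facts needed to single out one person."""
    return math.log2(population)


def surprisal(fraction: float) -> float:
    """Bits gained from a clue shared by `fraction` of the current candidates."""
    return -math.log2(fraction)


# Constructed clues (illustrative guesses, not census data). Each fraction is the
# share of the *remaining* candidates with that value, i.e. conditional on the
# clues before it; that is how correlated clues (language vs country) stay honest
# instead of being double-counted as if independent.
CLUES = [
    ("gender", 1 / 2),
    ("birth year", 1 / 80),
    ("country of residence", 1 / 200),
    ("native language, given country", 1 / 5),
    ("non-native grammar pattern in posts", 1 / 30),
    ("member of one small hobby forum", 1 / 10_000),
    ("screenshots show a rare keyboard layout", 1 / 20),
]


def narrow_down(clues, population: int = WORLD_POPULATION):
    """Apply clues in order until fewer than one expected candidate remains.
    Returns (bits_collected, expected_candidates_left, clues_used)."""
    remaining = float(population)
    bits = 0.0
    used = []
    for name, fraction in clues:
        remaining *= fraction
        bits += surprisal(fraction)
        used.append(name)
        if remaining < 1:
            break
    return bits, remaining, used


if __name__ == "__main__":
    print(f"need about {bits_to_identify():.1f} bits")
    bits, left, used = narrow_down(CLUES)
    print(f"collected {bits:.1f} bits from {len(used)} clues; "
          f"expected candidates left: {left:.3f}")
```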