felbane

joined 2 years ago
[–] felbane@lemmy.world 0 points 1 day ago (1 children)

Jellyfin also lets you play your local copies of media, which is way better IMO than relying on someone else to stream from.

[–] felbane@lemmy.world 1 points 1 day ago* (last edited 1 day ago)

Freeze your mom, freeze your dad!
Freeze your recent high school grad!
Freeze the dog, freeze the cat!
Freeze your hurble durble sprat!

Freeze it all or freeze it none,
If it's frozen you have won;
Freezing everything you see
Will grant you immortality!

[–] felbane@lemmy.world 3 points 3 days ago (3 children)

Imagine recommending Stremio when Jellyfin exists (you can use torrentio with Jellyfin as well).

[–] felbane@lemmy.world 2 points 4 days ago* (last edited 4 days ago)

"Properly implemented" is doing the heavy lifting in that sentence.

Four paragraphs down from your quote is this:

Their attacks ranged from integrity violations affecting specific, targeted user vaults to the complete compromise of all vaults within an organisation using the service. In most cases, the researchers were able to gain access to the passwords – and even make changes to them. 

If E2EE were properly implemented, the above would be impossible.

[–] felbane@lemmy.world 1 points 4 days ago (1 children)

This is what Bitwarden claims to do, and yet we have a paper showing that with a compromised server there exists a vulnerability.

[–] felbane@lemmy.world 12 points 5 days ago (1 children)

Natura's research reactor is designed to first prove the LFMSR concept at megawatt scale, then be converted to prove that MSR reactors can reprocess existing nuclear waste as a percentage of its fuel. Which means we could take all of the current stockpile of nuclear waste and re-burn it to the point that it's 90% consumed (instead of 5% consumed today) and leave a waste product that decays to safe levels extremely quickly (tens of years).

[–] felbane@lemmy.world 7 points 5 days ago (1 children)

Sure, but at the end of the day even if you don't update your Vaultwarden server or you rely on an insecure storage sync system like Dropbox, your actual vault is encrypted with a key that only you know. Even if your server is hacked or the kdbx is leaked, your passwords are safe until someone breaks AES.

Contrast that with hosted services, who could very easily attach their own keys to your encryption key (whether now or in the future at the behest of the state) and you'd be none the wiser. E2EE doesn't matter much when the other end is controlled by someone else.

I'm not disagreeing that most people just want something to work without thinking about it, and for that reason I'm glad that services like Bitwarden and LastPass and Proton Pass exist. My intent was not FUD, just shining a light on the fact that keeping your passwords secure does not require trusting a company.

[–] felbane@lemmy.world 94 points 5 days ago (16 children)

tl;dr:

  1. If the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)
  2. None of the providers tested have (or have had in the past) compromised servers.

and an observation or two:

  • Vaultwarden is free, self-hostable, and doesn't rely on trust in a third party.
  • KeePass (and its client variants, like KeePassXC which is pretty great) is even more secure because there is no server, just an encrypted file you can store anywhere.

[–] felbane@lemmy.world 16 points 1 week ago (4 children)

What would the book version read like?

[–] felbane@lemmy.world 2 points 1 week ago (1 children)

Speaking of, does anyone know of a Lemmy Android client that allows hiding posts from new accounts? Boost doesn't do it and it's also a bit buggy. Bonus points if available on F-Droid.
