"All issues have been addressed by Bitwarden. Seven of which have been resolved or are in active remediation by the Bitwarden team. The remaining three issues have been accepted as intentional design decisions necessary for product functionality."
For clarity, one of the "Accepted" vulnerabilities is that attackers who control the Bitwarden servers can set the PBKDF iteration count to "1". They set the severity of this to "low".
They've also "accepted" a vulnerability --- BW01 from the paper, I believe --- that allows a malicious server to read all vault items from a user as soon as they accept any invitation (real or not) to an "organization".
No matter how compromised a server gets, ideally the client should never be able to provide it unencrypted data, or data encrypted in a way such that the server can decrypt it. It is unclear if Bitwarden has fixed this core issue or not.
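A client-side defense against the server-controlled iteration count described in the comment above, as an added example that is not part of this thread or of Bitwarden's own code: the client enforces its own floor on the KDF parameters it receives before deriving the master key, so a server that sends "1" is refused rather than obeyed. The JSON field names, the KDF enum value, the use of the lowercased email as salt and the 600,000 floor are assumptions made for the example.

```python
import hashlib

# Floor the client enforces no matter what the server sends (assumed value;
# 600,000 matches OWASP's recommended minimum for PBKDF2-HMAC-SHA256).
MIN_PBKDF2_ITERATIONS = 600_000
# Upper bound so a hostile server cannot stall the client with an absurd count.
MAX_PBKDF2_ITERATIONS = 5_000_000
KDF_PBKDF2_SHA256 = 0  # constructed enum value, not a real protocol identifier


class UntrustedKdfConfig(ValueError):
    """Raised when server-supplied KDF parameters fall outside the client's policy."""


def validate_kdf_config(cfg: dict) -> int:
    """Return the iteration count only if the server-supplied config is acceptable."""
    if cfg.get("kdf") != KDF_PBKDF2_SHA256:
        raise UntrustedKdfConfig(f"unsupported kdf type {cfg.get('kdf')!r}")
    iterations = cfg.get("kdfIterations")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(iterations, bool) or not isinstance(iterations, int):
        raise UntrustedKdfConfig(f"kdfIterations must be an integer, got {iterations!r}")
    if not MIN_PBKDF2_ITERATIONS <= iterations <= MAX_PBKDF2_ITERATIONS:
        raise UntrustedKdfConfig(
            f"server asked for {iterations} PBKDF2 iterations; "
            f"client policy is {MIN_PBKDF2_ITERATIONS}..{MAX_PBKDF2_ITERATIONS}"
        )
    return iterations


def kdf_config_is_acceptable(cfg: dict) -> bool:
    """Convenience predicate: True if the client would use this config."""
    try:
        validate_kdf_config(cfg)
        return True
    except UntrustedKdfConfig:
        return False


def derive_master_key(password: str, email: str, cfg: dict) -> bytes:
    """Derive a 256-bit master key, refusing a downgraded iteration count.

    The lowercased email is used as the salt (an assumption of this example).
    """
    iterations = validate_kdf_config(cfg)
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), email.lower().encode("utf-8"), iterations, 32
    )
```

The same check belongs in whatever path applies KDF settings fetched from the server; pinning the floor in the client is what prevents a compromised server from silently weakening the vault's key derivation.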
How often do you change your passwords? Assuming they are decently long and all that, why would you change them at all other than when a site gets breached?
The only reason my Keepass database changes is because I make new accounts on sites every now and then, and that's a fairly rare thing these days. And if I get so ungodly unlucky that my house burns down before my off-site database is updated to have that new account listed, I'll still have access to the email that account is associated with, so I can still recover the account either way.
Every time I add an account, for one. And there's still plenty of (dumb) sites which force me to change my password and sometimes username periodically.
Keeping an offsite database in sync is tedious, especially if it's delivered via sneakernet.
I add an account to that database maybe twice a year, probably less. Do you make a lot more accounts than that?
The off-site solution I have updates a lot more often than that, although that's only because only the really important stuff is backed up in that way; the stuff I truly need to survive my house burning down.
I'm almost done with that aspect of my life now, but every school year it feels like there's a new slate of apps, parent communication portals, etc. I need to manage these as well.
It's way more often than twice a year for me. And it's accelerating.
Fair enough, but it’s genuinely super easy to have a regular copy of your password manager saved in the cloud. You can also have a less frequently updated version stored somewhere physical that isn’t your house. My house burning down has never been a concern for me, as I’ve taken the proper precautions for my data.
I unfollowed everyone except for a few family members. It really wants to give you the infinite scroll and started showing me some really bizarre stuff. So much AI slop, and random content.
For about a week it kept showing me nursing mothers, no matter how many times I said "I don't want to see this" and blocking. I have no problem with women nursing, but these were done in a way to be sexually provocative.
After that it started showing me AI houses and kitchens, with kitchen taps but no sink basin.
I made a Facebook account a few years ago for a private group related to a class I was taking. I didn't want to do this, but it is what it is.
Being paranoid, I ran a VM just for Facebook. The browser never went to any other sites, so as far as I know there is no way it could track me or get any actual information about me, other than maybe a very rough location based on my IP. I also setup a burner email just for this and used a fake name/picture.
On a fresh account with no info, my feed was much like that of the linked article. A bunch of thirst traps and various "news" and memes. Occasionally it would tell me to follow stuff so it could actually populate the feed, but when it wasn't doing that, it was giving me this kind of garbage. This was before the advent of generative AI, so I assume these were mostly real photos, but who knows who was actually behind those accounts.
Twitter was fairly similar, but would show a lot of high school kids fighting or general street fights... along side the thirst traps.
I remember at some point which I think was a bug: it started showing a specific type of food, I think some kind of barbeque, prepared in various ways from across the globe. And by "started showing" I mean the feed was pretty much that for an extended period of time. Also at some point a large part of the feed was reposts of random reddit posts in screenshot format.
I can recommend using Social Fixer addon [1] on your laptop. On my phone, I use Nobook [2] which isn't quite as effective. They both do a good job though of removing loads of the useless stuff on Facebook.
Thanks for the suggestion, I just installed the socialfixer userscript and am going to give it a try. I now just need to start telling Facebook I'm not interested every time I see an AI post and hope it eventually gets better.
I've never seen a website break because of ublock, at least not in the default config. If it's that much of a problem you can just remote in on grandma's computer and disable it for whatever website.
I think that beats remoting in when granny inevitably gets scammed by an ad.
There really is no excuse in my mind for not running an ad blocker. It's as vital to personal computing security as firewalls and anti malware.
Blocking ads helps grandma not accidentally leak private information that could have disastrous consequences, for example, getting scammed out of their money.
Not blocking ads helps grandma visit a few more websites that don't work well with adblock.
I wasn't a SAHP but I'd spend time with my kids at a park nearby and people would give me dirty looks for playing with my kids if my wife wasn't present.
The internet convinced me it was going to be a problem, but it literally never happened once.
We rotate through parks because the kids love seeing new parks. Nobody has ever given me a dirty look for bringing my kids to the park. It’s a completely normal thing for parents to do.
This is why "Moms clubs" are a thing. I get that safe spaces are wanted, especially if the mothers needed to nurse, but dads were unwelcome in the chapter near me.
"All issues have been addressed by Bitwarden. Seven of which have been resolved or are in active remediation by the Bitwarden team. The remaining three issues have been accepted as intentional design decisions necessary for product functionality."
They don't expand on what those three are.
1. https://bitwarden.com/blog/security-through-transparency-eth...