Needs Microsoft added to the list.
Wait does that mean I can only have up to 4 billion games on my client before the game list overflows and I start losing games at the end of the list?
With the hash one, it doesn’t look like that could be exploited by an attacker doing the bad hashing themselves, since any collisions they do find will only be relevant to the extra hashing they do on their end.
But that encryption one still sounds like it could be exploited by an attacker applying more encryption themselves. Though I’m assuming there’s a public key the attacker has access to and if more layers of encryption make it easier to determine the associated private key, then just do that?
Though when you say they share the same secret, my assumption is that a public key for one algorithm doesn’t map to the same private key as another algorithm, so wouldn’t cracking one layer still be uncorrelated with cracking the other layers? Assuming it’s not reusing a one time pad or something like that, so I guess context matters here.
I tried that without a password manager for a little while. But then my answers were too abstract to remember, so now I also use a password manager for that.
Q: What do you often see when you look out your back window?
A: Vladimir Putin riding a horse shirtless.
Hey maybe the GOP got connected with Putin because he was often at Palin’s backyard BBQs when he would ride over to say hi when he saw the gathering.
Though I also just noticed there’s only two letters different between Putin and Palin… Maybe it was just Putin in a wig the whole time.
I remember hearing to not layer encryptions or hashes on top of themselves. It didn’t make any sense to me at the time. It was presented as if that weakened the encryption somehow, though wasn’t elaborated on (it was a security focused class, not encryption focused, so didn’t go heavy into the math).
Like my thought was, if doing more encryption weakened the encryption that was already there, couldn’t an attacker just do more encryption themselves to reduce entropy?
The class was overall good, but this was still a university level CS course and I really wish I had pressed on that bit of “advice” more. Best guess at this point is that I misunderstood what was really being said because it just never made any sense at all to me.
Yeah, I think 7 and 8 both cover that. I recently signed up for an account where all of the “security questions” provided asked about things that could be either looked up or reasonably guessed based on looked up information.
We live in a tech world designed for the technically illiterate.
Yeah not to mention it’s not that hard to detect a shadowban if you’re aware of the possibility. Lemmy doesn’t even fuzz vote totals, so it would be trivial to verify whether or not votes are working.
I wonder if there’s a way for admins to troll back. Like instead of banning the accounts, send them into a captcha loop with unsolvable or progressively harder captchas (or ones designed to poison captcha solving bots’ training).
This isn’t really about safety, it’s about gun manufacturer profits.
I’m just tired of people trying to sell me shit. Or beg. Like I know I’m not interested 3 words in to the spiel but still feel like an asshole if I just say no and close the door or hang up the phone.
Though I did eventually tell my phone provider to put me on their no call list for their internet marketing because I got tired of them trying to get me to switch to their less good internet package.
Hoping (but not holding my breath) that we, as a society, squash the whole data broker thing sometime relatively soon, though.
I remember a time when the phone or doorbell would ring and I would get excited to know who it was.
Now I seriously consider setting up a series of mirrors so that I can see who is at the door without giving up my ability to pretend like no one is home and my phone ringing causes an emotion somewhere between worry and rage.
A representative 300 sample would give a more accurate result than a biased 2.4k sample. Bigger number doesn’t mean better results.
That said, I’m not sure how to get representation from certain subgroups of the population, like the “never engages with polls” or “lies specifically to fuck with your data” subgroups.
Yeah, if they are able to intercept traffic or access the logs, they probably already have other access to the account without needing the password. If you don’t reuse passwords, then your other accounts will be safe from that.
Yeah no worries and agreed. I hate seeing commercial sites using worse password sanitization practices than I used for my first development website that wasn’t even really intended for anyone else to log in to and any max length suggests the password is either stored or processed in plaintext.
IMO it should even be hashed on the client side before being sent so that it doesn’t show up as plaintext in any http requests or logs. Then salted and hashed again server side before being stored (or checked for login).
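The flow described in the comment above, as an added example that is not part of the original comment: the client sends only a digest, and the server salts and hashes that digest again before storing or checking it. The function names, the site-name binding, the PBKDF2 choice and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor, tune for your hardware


def client_prehash(password: str, site: str) -> bytes:
    """Client side: only this 32-byte digest goes into the HTTP request."""
    # Mixing in the site name keeps the digest from matching another
    # service's prehash of the same password.
    return hashlib.sha256(f"{site}\x00{password}".encode("utf-8")).digest()


def server_enroll(prehash: bytes) -> tuple[bytes, bytes]:
    """Server side: fresh random salt, then a slow hash; store both."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", prehash, salt, PBKDF2_ITERATIONS)
    return salt, stored


def server_verify(prehash: bytes, salt: bytes, stored: bytes) -> bool:
    """Server side: recompute with the stored salt, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", prehash, salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    site = "example.invalid"                         # constructed site name
    long_pw = "correct horse battery staple " * 20   # constructed, 580 chars
    salt, stored = server_enroll(client_prehash(long_pw, site))
    return {
        "stored_len": len(stored),  # fixed size, whatever the password length
        "good_login": server_verify(client_prehash(long_pw, site), salt, stored),
        "bad_login": server_verify(client_prehash(long_pw + "x", site), salt, stored),
        "other_site_differs": client_prehash(long_pw, site)
        != client_prehash(long_pw, "other.invalid"),
    }


if __name__ == "__main__":
    print(demo())
```

To the server the client-side digest acts as the credential, so it keeps the plaintext out of request logs but still has to travel over TLS.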
Correct, hence the sentence after the one you quoted :)
If any service can recover your password and send it back to you rather than just resetting it for you to set a new one, don’t rely on that service for anything you want to keep secure. And certainly don’t reuse a password there, though you shouldn’t be reusing passwords anyways because who knows what they are and aren’t storing, even if they don’t offer password recovery.
Once upon a time, battle.net passwords weren’t case sensitive. I used upper and lower case letters in my password then one day realized I didn’t hit shift for one of the caps as I hit enter out of habit, but then it still let me in instead of asking for the password again.
It was disappointing because it takes more work to remove case-sensitivity than to leave it. I can’t think of any good reason to remove it. At least the character limit had a technical reason behind it: having a set size for fields means your database can be more efficient. Better to use the size of a hash and not store the password in plaintext, so it’s not a good reason, but at least it’s a reason.
Most of them were cases where I wasn’t surprised they had data but a bit surprised they shared it.
I think my phone came with a sonos app installed, though not certain about that. I got rid of it if it was, though I can’t say if the most recent update from them was before or after that.
But a few of them I’m not really sure why they are on there. There was another one that I didn’t list that just had the label “IDK”, not sure if that’s a real name or “I don’t know”. I’m assuming they came from effective fingerprinting/tracking.
I might look into an addon that fakes some of the information the browser sends like OS version and resolution. Maybe that will make fingerprinting harder.
Some examples from mine if anyone is curious. I never use the fb sso or any of that shit, nor did I ever explicitly consent to any of these services sharing anything with fb.
Also, if you remove access via messenger app, it will show a confirm message without closing the screen. Clicking x goes back and it’s not on the list anymore. Whether they are actually leaving it disconnected or just hiding it, who knows.
Some of these services I didn’t use the same email that I used for fb, too, or any email at all.
Just wait.