And this is one of the many reasons that these days I create a @duck.com email address for each website.

My password manager (Bitwarden) happily generates for me both the mail and the password… now instead of having to look up for the unique password for each website I need to look for both the unique password and unique email 🤷

Furthermore if they are incompetent enough to make shitty regexp they are for sure incompetent to keep their db safe from hacking/leaking… and I am fine with a duck.com address being locked, less so with my actual email address

And not refund…

I was more thinking about using the matrix <> WhatsApp bridge for avoiding the pop up. It’s impossible to migrate people (especially strangers)

Yeah… the result is that now I have WhatsApp, signal, telegram. 99% of my contacts are on WhatsApp, maybe 20% are on telegram (and a number of group chat are there) and 1% take it or leave it has signal (and no group chat).

In practice the only one I can get rid of is signal (that is also the one I would like better 🙄🙄)

The real question, in EU, is not Facebook (or even Instagram). It’s WhatsApp. Business talk with WhatsApp, family talk with WhatsApp, meet a person in a bar? Yep WhatsApp or you are the weirdo

As soon I got the banners, I uninstalled the app and switched to friendly. Not sure if I have such luxury with WhatsApp…. Maybe time to explore matrix? 🤷

The question is not what Google does now but what it will do in 1month, 1quarter, 1year.

It has been years that more and more petty measures have been taken.

FWIW I would make a spare account

FWIW I use foam. It is a visual code extension so you piggyback on all Visual code features and extensions (e.g. git, md lint, etc). And I sync with my self hosted gitea. It doesn’t have a mobile app but I use obsidian with the obsidian git plugin

Dude what are you talking about? This is in UK

Next step: “we are a nation of smokers and millions of us smoke daily. We are making the life of these people easier. Stop to the No Smoking areas. If a pregnant woman is present she can go eff herself. Stop to taxes on tobacco.

Because Google is like 90% of the market.

It’s not the bidding part per se the issue, the issue is that the bidding (and possibly other effective strategies) are so successful that Google is almost a monopoly.

The illegal part is that google is a bit too successful AND it uses these not-merits based techniques 🙂

The idea is that if you really want to become almost a monopoly you should not play these games. And being a total monopoly would be illegal in any case

It’s software, everything can be done. Even if username and passwords are not kept in plaintext as you suggest (and likely nobody would do)

Problem is that the number of people that self host password repositories is so little that it makes no financial sense. And so for this reason your “massive scale” is an hyperbole because there isn’t a massive scale of people that self host password repositories

Botnets that stole from local password repositories makes more sense because there are more people that use password managers of sort.

Humans looking are flexible enough to look at all possible long tail cases like this… but not going to happen except for high profile targets.

All in all what i am saying is that i don’t see clear evidence that self hosting is more dangerous (in practice) than centralized hosting

PS: pro tip If you link references, make sure to read the references you link… The second one has nothing to do with password stealing, it was about a password cracker that was a trojan horse for a botnet. Yes, it fits the search “botnet password” but it doesn’t sustain your point

You need to aumatize any operation… It’s not conceivable that an human look at every device for stuff to steal. It would be even more expensive.

Generally all these bit malware do is 1) using a vulnerability to replicate themselves 2) mine crypto or other kind of crap. Sometimes (1) involves also stealing ssh keys but it’s not the goal, it the mean.

Self hosting password/code/photos/whatever niches you are almost guaranteed that no human will look at hit because the amount of IoT/Routers/etc with nothing valuable beyond themselves generally composes the majority of these compromised bots

This is just the economic incentive

Self hosting is less appealing for criminals, though. Especially if the protocol is “vanilla” like ssh.

When you hack LastPass you know what you’ll find, millions of passwords. When you hack a dude ssh you have one chance over one million that there is one dude password wallet.

It doesn’t make financial sense to hack self hosting (unless it’s specific server software)

Context https://sh.itjust.works/comment/2181865

The real question is… Are these people repeatidly hurting you or they were one offs?

If it’s repeated… Well that is an issue… You don’t have a defense mechanism.

If it’s one off… Well you just are an optimist person 😃

I would not pause the history, i would populate the history with balanced contents and then (if you feel like your mother will actively look for radicalized content) pause it.

So that the algorithm will have something"balanced" to work on.

Re not acting immediately: per GDPR they can’t keep deleted data on your activity more than a few months (and probably they do before the deadline)