Based on what we have learned, some of our users’ information has been exposed, including:
- Account information (e.g. name, email address, encrypted password, data imported from linked networks when authorized by users)
- Public content and actions (e.g. questions, answers, comments, upvotes)
- Non-public content and actions (e.g. answer requests, downvotes, direct messages)
Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.
The following information of yours may have been compromised:
Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)
Non-public actions, e.g. answer requests, downvotes, thanks
Non-public content, e.g. direct messages, suggested edits
Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.
Just got my email from Quroa...Who writes this drivel:
Conclusion
It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.
Some poor peon at the bottom of the ladder instead of the engineers/managers actually responsible for the mistake. The great thing about being at the top is being able to delegate away blame. After all, it's your job.
Doesn't seem like every breach warrants someone to get fired. The Equifax breach makes sense, there was an obvious lack of due diligence to protect user's data. But we should wait to see the reason for the breach. Mistakes can happen even if the company was trying to protect user's data.
At this point I am operating on the assumption that ALL businesses that have my data are going to inadvertently leak it at some point, and thus I am attemtping to provide individual companies with as little information about me as possible.
The toughest ones here are my online banking and my online health portal, but other than that, I have gotten pretty picky about what information I give any company.
I feel that for every company that self-reports a leak, there are multiple other companies that have leaked your data and either haven't discovered the breach, refuse to disclose it, or flat out sold your data to the highest bidder.
You would be correct. In the US, which I might remind you, does not have a national law on the books regarding data breach notification.
Even at the state levels, it’s varies pretty wildly on top of, most notifications are only required if there is evidence. So here is the challenge: what if I keep no logs, and have terrible security monitoring capability? If I am notified or discover a critical vulnerability on my own, but have inadequate logs to show or detect if it was exploited... am I required to notify? I have been told no (I fervently disagreed; I think suspected breaches, or critical vulnerabilities which may lead to breaches but were inconclusive should still require notification).
Still, I would have thought it is good practice to notify your users if you leak their data to thieves. Quora did the right thing and should be applauded.
As a counterexample, it seems that Newegg had a massive breach (thieves installed JavaScript that skimmed credit card numbers for weeks) in August, and even though my credit card was likely stolen, I hever heard about it from Newegg.
I somehow got their email a week or so after the event, and after my card's fraud prevention called for suspicious activity, reverted the transactions and cancelled my card. The bank official was not aware of the leak.
>In the US, which I might remind you, does not have a national law on the books regarding data breach notification.
Our federal government is beholden to corporations, so I don't see any legislation ever happening to punish nor place a regulatory significance on breaches.
If the Equifax debacle didn't move the needle, nothing will. How they didn't get a death penalty for not protecting one of the supports of our financial system I will never know.
As the parent said, I've just assumed all my data will be breached eventually. When it occurs I dutifully sign up for the monitoring offered and make sure to review things on a monthly basis.
Your comment on breach notification is spot on. WISH.COM has suffered down line breaches in their process and it is easy to prove by the use of virtual credit card numbers ... numbers that are generated and used at only one site. They have been silent when it is reported to them.
I don't give any real info besides my first name to any site that doesn't have a legitimate reason to need it. If they force me to confirm an email address, depending on the site, I may use one of my main emails, or may go generate a disposable address.
I have an email address that I've only ever used as my AWS account email since many years ago. Somehow I started getting spam on it last year. It is not an address anyone could guess or somehow generate based on other data points such as name or otherwise.
Many of us who operate our own mail services use a unique email address for every web service we use. You'd be surprised how many of these unique email addresses I've received spam at (and have subsequently blackholed). I would estimate less than 50% of the associated services ever report a data breach event. I figure either there has been an unreported breach or, possibly more likely, the service sold their userlist either directly to spammers or sold it to another group who was themselves breached. The upside, though, is that blackholing an address used for a single service is super simple and satisfying.
Do you have any more info on running your own mail server? I looked at doing so but was promptly steered away because of blacklisting, servers that allow it and redundancy.
I'm not sure what the up or downsides would be, but I personally just have all mail sent to *@mydomain.tld forwarded to a single email address. This way I can give each service a unique email address, while preserving the ability to divine whether a particular address has been lost or stolen, by looking at the sent to field.
Well, there's the obvious comfort of having all your mail in one place -- and all the obvious disadvantages that entails, I suppose.
Can't recommend FastMail enough- it has aliases which automatically forward mail from xyz@alias.yourdomain.com to your alias@yourdomain.com - This is very similar in practice to the + trick with gmail[1] but with the benefit that your email addresses will pass all stupid Javascript email validation rules.
I would guess most companies are not in the business of selling their user email lists, but rather, shared the user's email with a third-party company that provided some service, and that third-party company then sold it.
Can't the spammer just s/'\+.*@'/'@'/ or something and throw away the + sign and all that follows? Or the company could do this if they were selling your email address.
I used to use this technique for many years, but occasionally ran into issues with form validators rejecting the email address. I finally stopped because I never got spam from those email addresses (even in spam folder). I figured it's trivial for spammers to strip out the extra text, any half-decent spammer should know this trick. Also, I suspected they might change the +text to put the blame on someone else.
While we're on the subject, all combinations of dots are equivalent. this.isme and th.isisme and thisis.me, etc. Finite variety, but good enough for a few generic throwaways and never filtered or stripped that I've seen.
I use domain.tld@subdomain.domain.tld combined with a catch-all address for that sub-domain. It gets around various email validation regexes that won't accept +.
I've received recruiter spam to "<my_email>+fuckyouadobe@gmail.com". Turns out when I was forced to signed up for an Adobe account years ago I'd added "+fuckyouadobe" to my email and, of course, Adobe was inevitably hacked. The leaked database had somehow made its way into recruiter software. The recruiter told me their vendor and when I got in touch with them (Aevy.com) they, of course, had no idea how that email got there.
Sadly these days people are probably smart enough to strip out these additions to gmail addresses. I would guess that's what Aevy did after I reached out...
Yeah, I tag every email address I give to a vendor, and I have for years. It has helped me discover a number of breaches.
The address I gave Quora isn't in the hands of spammers yet, which is a mildly good sign. But normally it takes a while for an address to get out to the bottom-feeders, so we'll see.
Yes, heavily regulated banks and medical providers have wonderful security. You can see that they do whenever they require punctuation (but not spaces or $) in the password, and demand an 8 character password (but reject anything over 16 or 24 characters). /sarcasm
I especially like financial companies that have you login by using symantec VIP[1] which you append to your password. There's no way anyone thought that was a good idea. They did it that way because they had a worthless legacy authentication stack they couldn't rewrite, didn't understand 2FA well enough to implement it themselves, went with Symantec because "nobody ever got fired for contracting $importantfunction to $bigcompany", and the only way they could shoehorn any 2FA auth into their login flow was to concatenate it with the password.
[1] If you haven't had the pleasure of using it, it's a proprietary 2FA app that has a single seed per app install, shared between the app and symantec's database. It generates 6 digit codes that make it look similar to standard TOTP, but it's not TOTP. If you need to use it for multiple websites, you give them all the same seed hash (displayed by the app) which they use to synchronize your auth credentials with your account at symantec. IOW, it doesn't scale securely. There's also no way to have a backup 2FA device with this system; at least the two companies I've used it for haven't let me set up my account with two VIP apps on two different devices. Since normally you'll only have a single 2FA device using this Symantec VIP service, that means you have to go through a manual, insecure identity verification process to get back into your account if your one Symantec VIP device gets lost or broken.
Heavily regulated companies have a lot of Microsoft Word paperwork to fill out and months long approval cycles to wait through to get any work done, but even nastier, more bug- and vulnerability-riddled legacy codebases than the rest. Security is inextricable from software quality. Not exactly something EHR systems are known for.
Interesting. So it's just a bunch of obfuscation and 3rd party api crap around a core of TOTP shared secrets between the app and symantec? Why don't they implement it that way, and make it transparent, so that their app can add multiple VIP credentials, rather than obfuscating everything, locking it down to a single shared credential for all sites?
I work in medical devices and sometimes it feels like we have so much regulation that doing the right thing is too expensive and cumbersome. I wouldn't bet on banks and medical institutions to be extra secure. And Equifax has shown that a massive breach is not really hurting the company.
The only way to independently verify a leak is to have a third party create a couple of user accounts with unique passwords and setup a corresponding gmail / facebook honeypot account which would alert them to logins. If my quoraAcct2 password ever gets hacked and used to login to my fake gmail or facebook account, I know that quora was compromised. Works with any site.
Interesting (to me, at least) that the regular Quora update emails land in my inbox (or in the Social tab in Gmail, anyway), but the security breach notification was spam filtered...
Wow. If this had happened a couple years ago, before they made all the anonymous entries truly anonymous, this would have been really ugly.
It's a valuable lesson in "don't keep data you don't need".
EDIT: A little backstory for non-Quorans. Until early 2017, anonymous Quora answers and comments were anonymous to the public but not actually anonymous in the database (they were still "your" entries). In early 2017 they (presciently) made all this content fully anonymous, even in the database.
I worked at Quora, but left before this change was made, but I believe it was totally retroactive, mainly because I got emails with information about my previous anonymous answers and a deadline to get the one-time link.
Now... if the emails were logged and in the exploited database, then all bets are off, but there's no indication that happened at all.
There are about a hundred other things about this that give me anxiety, but Quora is run by extremely competent people (engineering and otherwise), so I am pretty confident about their ability to be transparent and to know the extent of any issue.
This entire thing is really shitty for everyone involved, but given Quora's tenure (almost nine years!) that this is the first breach is pretty amazing, and that they've done so much work to make it less of a problem is great.
None of the above is meant to diminish the general dissatisfaction others are expressing here.
As a meta point, the word "aggressive" has undergone significant scope creep in tech lately. It's worrisome that lots of people with influence have started to punish messages that, while polite, express explicit, forceful, and direct disagreement. The only remaining option is an indirect approach laden with false pleasantries and ambiguous language that leaves the reader confused about the actual state of agreement. We need to push back against false claims of aggressiveness.
Really? If I dismissed your comment with #ShitHackerNewsSays, you'd say that was a "forceful, direct disagreement"? Maybe you think this is great because "false" pleasantries are cut off, but for me that's aggressive.
It costs me money (past a certain number of freebies) to access Equifax's data on me--to get a credit report.
I get that this is not their main business model, and that their customers that they bundle and sell consumer data to are more valuable. But end users, in this case, are still customers. They still pay money and get a service in return. Contrasted with e.g. Google services, it's a different scenario.
So I'm not a security expert, so I ask this in real earnest to learn: what is it that these companies keep doing wrong, and/or why aren't they adjusting to the climate that these types of attacks are increasing over time?
Or are they trying to adjust, and the attacks are getting so sophisticated that the pace of investment in counter-measures is below that of the pace of advancement in the complexity of attacks?
Sadly, security is still hard in a lot of cases, and most everyone (product / developer / customer) is fixated on features and performance. Security is only important when it fails (very much like availability) - and by then it is really hard to retrofit.
As an example, consider an army attacking a defending army. The defending side is as good as the weakest member, because you can presume the attacking side to be looking for the weakest part and attacking that. On the other hand, the attacking side is as good as the strongest member, and having a few weaker members is ok. It is generally harder to make sure you have uniformly good defense, than getting a few really good people to spend dedicated time attacking.
Of course, this model assumes that as soon as you have penetrated the perimeter, the rest becomes easy. This is the more traditional model. People are increasingly adopting a you-are-already-hacked approach, which makes it harder to move laterally once someone gets in. However, the general challenge still applies.
No harm comes to the company after a breach so from their perspective there is no risk. Since there is no risk there is no need to improve security or reduce retained data.
It’s not really a security issue as much as an incentive issue.
It’s a whole lot of things, but first and foremost and probably the simplest explanation, security is hard. Incredibly hard.
Once you understand how difficult attack mitigation is, then you can pick and choose from a variety of factors:
- executives may not have a realistic understanding of how difficult attack mitigation is so they don’t allocate the resources for hiring
- incompetent admins overestimating their abilities
- competent admins who are underfunded
- incompetent admins who underestimate the value of the data they’re protecting
- competetent admins who may not have an accurate picture of what data they’re trying to protect so their threat model is flawed due to inaccurate information
- executives who are aware of how difficult mitigation is but don’t place customer data privacy as a priority.
- the current iteration of our growth obsessed corporate models unintentionally results in a race to the bottom in many ways.
- little incentive for companies to factor in social impacts as we don’t yet seem inclined to figure out a way to include impacts on society as one of the many metrics to measure a company’s success or failures.
It’s worth remembering though, even the most responsible, most well funded, most security conscious, and best staffed organizations have been compromised at one point or another—security is hard.
An organization running original software on the internet first needs to be preventing vulnerabilities in its own codebase. Nothing “admins” do is going to help much if the application itself is full of SQL injection and direct object reference. You can have impeccable configuration, firewalls, etc. and not even be playing the game.
Security is not too difficult on a decent network. There are several that meet Federal requirements. The problem is that the Web design was leaky in the first place. The companies that specified it wanted free flowing data above all else with authenication behind the firewall. But the W3c browser is not secure. Tim's comments notwithstanding, this occurred on his watch. We're due for a serious network, not another toy.
In this particular case it doesn't seem too bad. Someone's name and address are not (or should not be) particularly sensitive information. Passwords are, and that's why best practices only keep a one-way function of the password ("encrypted" implies that it can be decrypted to plaintext, which should not be the case).
Luckily you can sign up for Quora with any name and email. You have to assume that no matter how hard a site tries to protect your info, it will get compromised sooner or later. The best they can do is what Quora does: demand as little info about you as they need.
For anyone who missed it in Quora's post, passwords were salted and hashed, which makes it functionally impossible to decrypt en-masse. Targeted attacks (trying to discover a specific user's password) may or may not be feasible, depending on if the salts were retrieved, how many iterations and which hashing algorithm was used, and the processing power available to the attacker.
Effectively nobody is secure against an insider threat. Whereby I mean a sales agent who clicks offer.pdf.exe. Which allows an attacker to find your internal traffic stats billboard running last years unpatched drupal. Which has MySQL creds for your database sitting on it.
Information security is inherently asymmetric in offense vs defense:
Offense needs only one hole, whereas defense needs to plug all, including human behaviors.
When the offensive side finds a new attack, they can often try and see which of the victim is vulnerable, thus the offense can pick and choose among many potential victims, whereas the defensive side needs to defend from all attackers. The information, once leaked, can't be recovered - i.e. once exploit is successful, there's no "recovery" available.
All of those factors combined make defense orders of magnitude more difficult - in terms of careful attention to detail, in terms of manpower, in terms of human training and vigilance, etc. For those reasons, the best defensive strategy is to minimize the information you need to protect.
It's not the companies, it's the internet itself. The internet is only composed of communication protocols, with security as an after-thought. The solution to this is incorporating security at the protocol layer, which is the end game of crypto platforms like Ethereum.
I am not convinced by this narrative. I would rather assume that like any ordinary project, Quora also was developed with zero security in mind. I would bet in a huge amount that noone has ever said during any project meeting that `BTW. I think we should spend 2 more months implementing every detail securely`. Probably security was an afterthought.
They clarify that the passwords were indeed hashed and salted. "Encrypted" is just there to help the non-technical audience understand their passwords aren't exactly leaked in plaintext.
No details on the hashing scheme used though, so we don't really know how easy it'll be for the attacker to brute force the password hashes.
Probably written this way because this is a release for the general public. I would imagine most people expect passwords to be "encrypted" and don't know what "hashed" means, and they correctly assumed technical people will keep reading for more info
They do indeed, but then for some reason, they also say "this breach may have exposed ... the password you used" [0] which is a statement I think is wholly incompatible with the notion of "hashed with a salt that varies for each user" (but please let me know if I'm incorrect).
They can rightfully say "encrypted" to a lay audience because the definition of encrypted is not so strict as to require decryptability, but why would they say that the password might be exposed?
If the salts were stored with the passwords, it might be possible to brute-force any single (simpler) password by testing lots of salt+guess combinations. Salting only really protects against rainbow tables (pre-computed guesses for lots of passwords).
It's reasonable your password might be exposed since the attacker can now perform an offline brute force attack on the password hashes.
How likely it is your password gets brute forced really depends on the hash function used. If it's md5... all but the strongest password could be broken. (though at least the passwords were salted). If they're using something like bcrypt with a work factor of 10+, it's a different story and only the weakest passwords are at serious risk.
The fact that details on the hashing scheme aren't shared makes me assume it's not great...
Sure, but if youre using a good one you usually say what it is. "Salted and hashed" is usually MD5 or SHA1, both of which provide almost no deterrence to brute forcing.
Valid point. If you're aggressively farming data, so much so that you log them in automatically if they are logged into the google account then you better be careful with data too
From reading the details it looks like almost all user data (and every user's data) is compromised. Using the word ,,some'' should be illegal in this instance.
>I didn’t know I had a Quora account. How is it that my email or information was exposed? You may have signed up for Quora some time ago. While you might not have regularly visited or used Quora, your account remained, and this breach may have exposed some of your information, such as the email address you signed up with, the password you used, or actions you took on Quora.
Would be nice if websites measured user activity and could 'lock out' or otherwise release their data if they never use the site; at least, confirm with said user via email if the account is needed.
But in this era, I'm sure companies would prefer to keep whatever data they can get.
Byond (2d tile/sprite based online gaming platform) does this. After a year of no activity they inactivate your account, and delete the hashed password. You have to reset your password to regain access.
Barely a month back in the facebook data breach thread in HN, I was downvoted and my comment removed when I said that it has become a fashion for the top 500 web/e-com companies to come one day and announce data breach and walk away. I said there that it all looks to me as part of a conspiracy theory where they hide behind a breach to sell data/ buy data en masse for marketing purposes.
I don't think large companies have much interest in selling data. It's a long-term asset. The real money is in renting. E.g., Google and Facebook make a lot of money renting access to you based on the data they have. That's far more lucrative than selling the raw data once.
Also, it's implausible to me that selling the data wouldn't come out eventually. As we saw with Cambridge Analytica, even pretty obscure uses of data can eventually turn into giant media exposure for privacy breaches. The brand damage is is very expensive. Facebook's market cap is down something like $100 billion; there's no way they could have made that kind of money from trying to quietly sell copies of their data.
Selling the data outright is not worth anything. Public identities can be scrapped and bought very easily already. Most companies with personal and contextual data like this sell access to it, usually in the form of ads.
They are hiring people based on leet code questions and school prestige and not based on real technical knowledge about systems. Their business people are top school MBA grads with no security domain expertise. They then proceed to build massive data collection programs using open source tooling that non of them fully understand. Their business model depends on that data and monetizing it in various ways. An so the complexity of their application goes through the roof with regards to user data. Their user facing web apps are the tip of the iceberg for a massive surveillance scheme.
The big companies, Google/Fb/etc hire that way but they also bring on niche experts. Leet code at those companies is for the code monkeys. They hire the people writing the ML/distributed systems/security code out of PhD programs and targeted hiring. Theres more to it, dont feel like typing it all up
I believe you're being cynical, because this forced name policy allows for answers to be of higher quality, which is basically their entire selling point - being a better yahoo answers.
If you want anonymity there are other platforms for that, stackexchange for example.
Ask MetaFilter is a much better Yahoo Answers, but I can be pseudonymous there. Also, my pseudonym is much closer to a real identity than what's on my driver's license.
I don't have any real reason to fear sharing my "real name" with Quora. I'm lucky. But I'm not the only person in the world. Good thing I'm not trans or a religious dissident. Good thing the only thing stopping me from contributing to Quora is my ornery nature. I would hate to for the world to miss out on my Quora contributions for a good reason.
Good thing Quora doesn't have my "real name" is all I'm saying. I have an interest in privacy, even though I use the same pseudonym as my identity on LinkedIn, Twitter, Facebook, and Instagram. And Ask MetaFilter. And so many other places. I shouldn't have to beg to use my preferred name on Quora's bulletin board, regardless of my reasons. It's none of their business.
There's nothing about a "real names" policy that automatically turns a shitposter into a quality contributor. There are plenty of reasons not to wear a target on your back and self-doxx. Today's misadventure is one very good reason.
> That's a false dichotomy. Ask MetaFilter is a much better Yahoo Answers, but I can be pseudonymous there.
There's an example that just happens to be the greatest knowledge platform ever built in world history. Wikipedia allows non real name contributions. Plainly next to that, Quora has no legitimate excuse for requiring real names to ensure quality. It's for one reason: $$$. They have to figure out how to reach a $3b valuation at some point so their VC owners can get a reasonable exit. It guarantees an inevitable disaster for a knowledge service. The conflict between quality and always needing more and more junk content to slap ads on and allowing for abusive business practices to reach for that fat exit for the VCs. And if you don't do it, they'll put someone in charge that will. Unless you can find another business model as Stack Exchange did, stay private & small/lean (so you don't have to try to pretend to be a $3b company when your business model will never legitimately get you beyond 1/20th that), or go the donation Wikipedia route.
Yes. Within hours of registering my account, Quora emailed to let me know that my name sounds fake and that I have to prove my identity with government ID, or I can't use Quora on an equal basis with other users. It really burns me!
I think part of their reasoning is "hey, we have prominent users! Let's make sure everyone knows it!" But Ask MetaFilter has famous users. They are in no way diminished by my pseudonymity.
Plus I know how to change my name. I can spend $100 at the courthouse, and get an ID that would force Quora to let me use my preferred name. My point is, Quora doesn't get to be the impetus for my legal name change. I don't need Quora's permission to call myself what I prefer to be called.
Not saying I agree with them (honestly Quora should die and burn in hell), but if you really need the service can't you just give them a middle finger in the form of a fake ID? Best case scenario it works, worst case scenario they still don't reopen your account. Either way you don't lose anything.
It's not that hard to be as anonymous as you like on Quora. It's been a while since I contributed, because I got tired of their schizophrenic moderation, but I don't recall that mobile text authentication was necessary. Unlike say, Twitter. And even that isn't all that hard to get around, using hosted SIMs.
Can you elaborate on the hosted SIMs thing? More and more websites are starting to ask for SMS verification and blocking VOIP numbers like google voice and it is getting really annoying.
It's impossible for me to be as anonymous as I like on Quora, because they require a government ID with the name I want to use. Which isn't even that weird! It's my legal last name, plus my childhood nickname for a first name.
Your name just didn't provoke their Real Name Gestapo.
I've got this meta schadenfreude seeing things succeed that HNers hate. The new MacBook Pro and any unicorn startup that posted a Show HN. It's cute how HNers actually think that they're relevant.
This is why I hate companies that force you to sign up to gain access to content. I do not want that relationship. Sooner or later those systems will be legacy and then maintaining them will be a pain. Bitrot will set in and sooner or later there will be a breach.
One new development is that you used to be able to get your invoices mailed via snail mail. Then that disappeared and you got your invoices mailed via email. Then that disappeared and now you have to create an account on some portal so that you can download your invoice. So that's one userid/password combo per business relationship or service that you use privately. Healthcare, HOA, insurance, payroll etc., every bloody two bit player requires you to log-in to their oh-so-secure service rather than that they send you your stuff. Which requires a ton of overhead and - sure enough - sooner or later they get hacked because by then the amount of data they hold on to is more valuable than their security could reasonably be expected to defend.
If your main concern is the sheer number of username/unique password combos, pick a good password manager that works well across the devices you use. I’ve literally stopped caring about this aspect of my family’s online life thanks to 1Password. That iOS 12 added OS level integration for the service was the icing on the cake for me.
Agreed. I never would have thought that the problem that motivated Persona would have been solved this way... but the combination of TouchID/Face ID and 1Password has made account setup/maintenance sufficiently frictionless.
Worth noting that they encrypted end-to-end encrypted. So they would have to get their storage system hacked as well as push out malicious clients to collect secret keys in order to obtain your passwords.
Using a password manager (which I do) is a valid coping mechanism, but does not fix the root concern: for 90% of these cases, one shouldn't even need an account. I don't want personalization. I don't want some new identity to manage. I don't want a relationship with your service. I just want to browse the goddamned web! How did we get to this point where in order to use the Internet you have to sign up for all these free accounts and generate all these ridiculous username/password combinations?
Oh, and OAuth is a similar coping mechanism. You shouldn't need to log in to something to browse the web!
How did we get to this point where in order to use the Internet you have to sign up for all these free accounts and generate all these ridiculous username/password combinations
We stopped using sites built by amateurs in their spare time and demanded "beautiful user experiences" that we didn't pay anything for. That costs money, so people who wanted to solve that "pain" looked for business models that meant they could deliver what people want without charging directly. Hence we have an Internet driven by advertising and privacy violation.
I propose the alternative view: we did no such thing.
We didn't demand shit. We only chose from what was available. People trying to make money on-line have, over time, perfected both the design and the business models. At every step of the way, we had a choice between status quo and this new service that's prettier and offers more, for free, with user-hostile monetization scheme that wasn't immediately apparent. Step by step, we've been had, like the frog in the boiling frog fable.
I use privacy.com and Lastpass to help with this problem. Any time there is a service I have to have a business relationship with that I don't trust to keep my info secure, I use a unique password and a unique credit card number with a tight limit. What's nice is that they tie the card to a single vendor too.
For example, the water company. I know the water bill is usually $50 or less, so I set the limit to $60/mo. As it turns out, they did get breached. I got an alert about someone who isn't the water company trying to hit the card for 80 cents. Most card runners use amounts under $1 because most credit card spending alerts have a $1 minimum. But privacy.com warned me, so I warned the water company, who was very thankful. Turns out their 3rd party provider had been breached and they were grateful for the alert too. Ended up saving a few thousand of my neighbors a lot of headache.
You could just use a normal Citi or BoA or any other card that generates virtual card numbers and that'll also lock it to that vendor after the first charge. So that they couldn't even hit it for $0.80 if they wanted to.
Last time I checked, both Citi and BofA give me virtual card numbers via a Flash plugin. I really have no desire to run Flash any more. Has that changed?
That's one good reason, another is probably pushback from merchants. Having these virtual cards completely shuts down the "free-trial-we-hope-you'll-forget-and-let-us-ding-you-for-a-month-or-two" business model that's so popular for online services.
Not sure you need merchant pushback there - if it leads to unexpected charges then it's more likely to lead to inability to pay, or short payment, which gives the credit card companies their chance to feed off the client.
Wouldn't the bank still know your full purchase history (since they know what numbers are tied to you)? So they'd in fact get a leg up on the competition, who get a more distorted view?
Unless they work with an analytics system that mastercard, visa & amex participate in to link card numbers to invoices for better advertising & affiliate data.
I know FB & Google purchase something like that from one or two credit card companies, so I wouldn't be surprised if merchants were in to it too.
Capital One gives virtual card numbers via a Firefox or Chrome extension, which you use on the check out page of the site where you want to use the virtual card. It is quite convenient.
The virtual cards don't have separate spending limits, though, so it is not quite as good as BofA or Citi for use with questionable sites.
the real feature of privacy.com is the ability to use any address. who cares if your CC is compromised? get one just for recurring balances and another for everything else.
I don't follow your argument. Yes, any merchant is going to get hacked. My argument is, I don't care a whit about my CC being stolen. My liability is zero and I can just get a new card. The only thing I care about is the hassle of setting up a new card for recurring balances. Hence, why I need at least 2 cards.
OTOH I do care about my name, address, and other PII being stolen. That is where privacy.com is a help. But not because it protects me from CC loss.
Lastpass has been going downhill with every acquisition and had gotten to the point where autofill failed on the majority of sites and the "copy password" menu item disappeared, bringing clicks-to-login from 1 to ~10.
A few weeks ago I saw bitwarden finish their third party security audit and took the opportunity to jump. Couldn't be happier. Autofill fails less, the "copy password" menu works, the mobile experience isn't intentionally broken to sell an app, and export->import went without a hitch. Better, actually: it is the first time I have done an export/import and had the resulting data immediately work better in the second app. There's also the hope-springs-eternal factor of bitwarden giving me the option to host the sensitive stuff myself once I get off my butt and set up that server I've been meaning to for a while now.
If you're thinking about lastpass, save yourself the trouble and try bitwarden first. Or something else, but bitwarden has been good to me and lastpass, well, hasn't, to put it politely :)
I've been looking into password managers for my team/department, and bitwarden has some good looking stuff, but they seem to only invoice in USD, which creates constant friction for recurring IT bills at my company.
Hmmm, I have been using the Keepass + Dropbox combo. Wanted to change to a more streamlined experience. The current choices of 1Password, LastPass and Dashlane didn't seem to attract me.
This is what I do too. Biggest complaint is the lack of official apps for mobile devices. I’ve used MiniKeePass in the past but am hesitant because there doesn’t seem to be much active development and I don’t see the source code anywhere.
Do you access kbdx files on mobile devices? If so, what do you use?
The biggest problem with MiniKeePass, in my opinion, is that it doesn't support the new iOS autofill API and that it doesn't support even basic syncing. You always have to make a manual copy of the database file and you can't really create logins on mobile because of that.
There's a fork of MiniKeePass called KeePass Touch, but they don't publically host the source code anywhere. You have to email them to ask for a copy of the source code, which is technically GPL-compliant, but a bit annoying.
I've never used any other password manager but just wanted to say I love Lastpass. It very rarely fails on autofill for me, it saves all my passowords nicely, has secure notes, organizational sharing for teams. I find it to be really great.
I do love lastpass but since switching to Firefox 100% away from Chrome, the lack of copying a password to the clipboard without seeing it first really stings. What if someone is sitting next to me, or someone is grabbing screenshots or streaming my screen? It's like having this super secure electrified iron door installed but neglecting to lock it.
Is anyone aware of a technical reason that copy to clipboard is absent in Firefox, or is just laziness? If laziness, I'll dump them tomorrow.
I'm using lastpass with firefox nightly and I don't have this issue. copying the password to clipboard without seeing it works out of the box using the browser extension.
I recall that the initial release of the Web Extension support was a bit threadbare, and/or that they had to change the extension ID or something of that sort, but it's also possible it was left out for existing design reasons/as a cudgel. In either case this whole thread has been useful for alerting me that I should re-evaluate if Lastpass is the optimal solution for me.
I switched to LastPass from 1Password because I hated their whole mobile sync thing where you had to be on the same wifi and start your Mac app to sync etc. I understand that it's more secure that way, but that trade-off was not worth for me. Has that changed in the meantime?
I tried that on Win10, and it didn't work for me. It was the last straw. Honestly, why on earth do they need it anyway? HTML5 has had a Clipboard API for a while now.
I've used both extensively and Bitwarden is just a dramatically higher-quality app it's not even funny.
I moved from LastPass to 1Password recently. Had been using LastPass for several years, but filling failures, the lack of copy password in FF (and no binary workaround for Linux), and generally unhelpful support when I contacted them prompted me to move.
Very happy with 1PasswordX (the browser-only version) - filling is much better, copy is supported out of the box, support have been very helpful when I've reached out. Much better customer experience.
I was a 1Password fan for many years, until the big push to go subscription. For now I'm just using Apple's keychain until I decide what tool to use next. If you're in Apple's ecosystem, keychain actually works pretty well.
You can still purchase a standalone license, even for v7. Sure they want you to rent access to your data, but that's not the only path. I also recently taught KeePassXC to read the 1P on-disk vault format, so you can continue to use 1P even in Linux, and even if AgileBits goes under.
+1 for bitwarden. Not a security professional, but it seems to be a good tradeoff between security and usability. Definitely better than lastpass on both counts.
LastPass is one of my least liked most used tools. Everything about the implentation feels second rate; slow, unreliable login capture, unreliable form fill, occasional inability to edit records, buried password copy, clunky UI, inappropriate modal nagging in browser and app... Most times I use it I am cursing it.
I tried to switch to pass, and I'm not sure if it was something to do with how I imported but it didn't list my passwords and the browser plugin was clunky and didn't work. Anyone had success with pass/gopass.
Bitwarden seems like a happy Medium, I'd rather not do my password ops. The pricing seems fair (and rather optional). I'll try it, thanks.
Check out Keepass! Rather than syncing directly into a Cloud, it allows you to store a database file into any location. It supports MFA (e.g. by combining a password with a secret file, or a Yubikey). And everything is open-source.
I like the model a lot, because it solves the "database ownership" issue, where your Password provider (be it LastPass, 1Password, etc) becomes in itself a weak link.
I used to use KeePass but the lack of a proper crossplatform UI eventually broke it for me; KeePassX on linux looked and performed terribly, the Android app was just bad, etc etc etc.
I switched to 1password which - at least at the time - offered a web-based fallback hosted from your own dropbox. Plus at the time you owned the data and were responsible for storing and syncing it. Dropbox support came out of the box but if you want you can use a local file.
Yeah you're right, I believe it's based on .NET so on Linux you'll have to use Mono. For the plugin ecosystem, that's suboptimal because you'll have to rebuild a lot of plugins from scratch.
I used to be a 1password user, but they were pushing their premium, cloud-based offering a lot and lacked Yubikey support so I switched away.
I'm in the same boat. The user experience on it is terrible now.
The worse thing that happens to me is if I generate a password, and then Lastpass doesn't save it! It feels like a 50% shot it will actually save the generated password.
I have nearly 1000 passwords stored in it now, so it's going to be a huge pain to migrate.
This is by far the worst. I have LP set up with a shortcut + fingerprint tap on my MBP, which works great until I'm generating a password, which never gets saved. I have to remember to get my vault page open ready to fill in before I generate the password, because if I generate one from the toolbar dropdown I'll never see it again. Ugh.
LastPass Mobile UI seems to be intentionally crippled ( https://vgy.me/9r29bm.jpg ) I assume because they want you to download the app, pushing you to purchase their license.
If you load the same site using "load desktop site" the UI gets fixed.
It is puzzling. My feeling is that for quite some time they had a lead on features (cross-platform, browser overlay, secret sharing) - particularly the combination of features whereas competitors always seemed to have a subset. That's what reluctantly kept me with them. The software quality does just seem quite bad though.
Bitwarden is best. I hope they will not get bankrupt from free users. Its funny it is cheapes but also works the best out off all managers i tried. Dashlane is good but its so much more expensive. Bitwarden will slowly kill most of the managers if they keep up the great work.
I will add this to my password manager binge (because I know how to party). I did find the NPM build a bit frightening though - module 956/1xxx built...
Also that site looks like it should be selling something but I see no money hole - should I be worried?
I have been using Pass [0] with passff [1] and been pretty happy about it. Simple and offline password management where passwords live in gpg encrypted files. Additional features I like are tracking changes with git, bash completion and copying passwords to clipboard for few seconds temporarily, and a few very useful extensions.
I use pass with keyboard Maestro on the mac it just gets a autofill input for the password I want, them opens a terminal and asks for the master password if needed and puts in the clipboard. Very friendly way to use it.
Pass is awesome. I use it in combination with a YubiKey to store the pgp key. Because every password is stored in an independent encrypted file and every decryption needs a press on the YubiKey even a stolen database and keylogger does not provide access to all passwords.
I found the same thing with their client apps, should have checked core to see if there weren't any there as well.
I switched over about a week ago and find it pretty solid, but it's missing alot of the quality of life features that last pass had. You can't just hit command + c whilst on a entry and have it copy the password, they haven't implemented the new ios 12 features that make password managers much better on ios.
I'm running them both right now as I'm not fully committed to the switch over, but I'll see how the features get added over time.
We have a tendency to compare opaque with transparent and balk at what we find, but I question what you would feel if you could see through the opaque.
That is true, but at least they have code review and multiple people ;) I'm just estimating from my experience that after a certain point, most companies start writing automated tests.
And if you look at their jobs page, one of the job description points is "Create unit tests for existing code to run faster and more reliably.": https://1password.com/jobs/droid-builder/
They might even have a few QA people AFAIK!
I understand why the single founder / engineer of bitwarden doesn't have tests. When you're a startup not writing tests can speed you up significantly. But after a certain point they are going to need automated testing, especially for something as vital as this.
For me, the lack of open source in 1p has been a sticking point, and I was planning to migrate after the audit. But seeing no tests, 1p documenting their security model and bitwarden not being good enough compared to 1p in UI has me sticking to 1p for now. I have high hopes that bitwarden will get to that maturity point one day.
I've thought about setting up a personal NAS for this purpose.
But I'm concerned about having a single point of failure/loss in the event of a house fire or burglary.
Any chance you've addressed this risk in your implementation?
Yep, I use KeePass synced over my selfhosted nginx server. But you can use Dropbox/Google Drive/etc. just as easily.
I would like to also recommend the Firefox extension 'Kee' for autofill. On Android there is the 'Keepass2Android' app. Both are open source and work well.
I also recommend the KeePass plugin 'Yet Another Favicon Downloader'. It downloads favicons from websites for your password entries.
Also 'Keebuntu' is a plugin that makes 'minimize to tray icon' work for me on Linux.
I migrated over from Lastpass to Dashlane a few years ago. Couldn't be happier. It integrates with everything and as far as I understand their encryption is better than Lastpass, although I couldn't say how.
I'm also a happy Bitwarden customer. I especially like that it is all Free Software (combination of GPL 3 and AGPL across various parts), which to me is important for security and privacy related software. I've also had good experiences with Bitwarden support from Kyle, the lead developer and founder.
LastPass is not helping you with privacy here. From their tos
tos:
> You may use our Services only as permitted in these Terms, and you consent to our Privacy Policy at https://www.logmeininc.com/legal/privacy, which is incorporated by reference.
pp:
> When you use our Services, we receive information generated through the use of the Service, either entered by you or others who use the Services with you (for example, schedules, attendee info, etc.), or from the Service infrastructure itself, (for example, duration of session, use of webcams, connection information, etc.) We may also collect usage and log data about how the services are accessed and used, including information about the device you are using the Services on, IP addresses, location information, language settings, what operating system you are using, unique device identifiers and other diagnostic data to help us support the Services.
> Third Party Data: We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. We may also receive information from other affiliated companies that are a part of our corporate group. This helps us to update, expand and analyze our records, identify new prospects for marketing, and provide products and services that may be of interest to you.
> Location Information: We collect your location-based information for the purpose of providing and supporting the service and for fraud prevention and security monitoring. If you wish to opt-out of the collection and use of your collection information, you may do so by turning it off on your device settings.
> Device Information: When you use our Services, we automatically collect information on the type of device you use, operating system version, and the device identifier (or "UDID").
and
> Some specific examples of how we use the information:
> * Conduct research and analysis
> * Display content based upon your interests
> * Market services of our third-party business partners
and
> 4. Information Sharing
> ... We may share your personal information with (a) third party service providers; (b) business partners; (c) affiliated companies within our corporate structure and (d) as needed for legal purposes.
and
> Examples of how we may share information with service providers include:
The traditional pitch from security experts is "Using a password manager is better than reusing the same password on lots of sites, or using low entropy passwords, or saving your passwords in an excel spreadsheet, which is what you were probably doing before"
Apart from shoulder-surfing wouldn't an encrypted spreadsheet be equivalent (not Excel, as I imagine MS might randomly send that data home, eg of there's a crash)?
In both cases once there's physical compromise, if they have the "master" password you're screwed?
I presume they use clipboards for the pasting, or do typing that could be captured bya keylogger.
Was the water company thankful enough to compensate you for the $X,000 consulting services you provided because they didn't set up their own security monitoring?
Given their lack of security, I’m guessing they have no idea of the value that I provided.
It’s all good though. Knowing I helped thousands of my neighbors is compensation enough. Besides, if they gave me a credit, they’d have to hike everyone’s bill to compensate!
I guess the money diesn't matter to you personally at all, but they could pay a bonus from profits, or by cutting executives wages (if they're a non-profit). It's not like the only means of paying is gouging customers.
I’m using two personal domains fo host my own email. One domain is purely for registration/junk purposes and it forwards *@junkemail.com —> junk@myemail.com.
The same server uses nextcloud for calendar/contacts/webdav
I use the password manager Enpass which can sync via webdav across my devices.
Everything selfhosted and emails/credit cards disposable
I looked over privacy.com - specifically their security page[0] which reads impressively. As I looked at my "dashboard" I couldn't help but notice (according to uBlock Origin) that privacy.com, ironically, connects to facebook (.net) and google (fonts, apis, gstatic).
I'm certain none of those 3rd-party connections are necessary and yet... like muscle-memory... devs continue to thoughtlessly invite tracking.
I've seen people include such tags on the logged in areas for cancer patients in medical websites without batting an eye and wondering why that's a bad thing.
Haven't looked very closely, but how do you think they make money by offering virtual credit cards for free? I bet they will track all your purchases and resell them for marketing later.
Fonts and other stuff from google and facebook is just a small piece of the puzzle.
Given the shady things people have found their smart TVs doing, I'd feel about as safe typing a password into a smart TV as I would changing the password to "hunter2".
The TV should display (or maybe email) a link that I would visit with my primary web browser and grant it permissions - or ask for a password as a very last resort for users who have no computer/phone but somehow have Netflix.
Plex and Roku do this. They give you a simple one time URL like plex.tv\U23SL
That URL asks you to log in (on your computer) and once it's authorized, the Roku or Plex on your TV gets the signal and continues. Easier than typing on a TV device.
Haven't had to do that yet. My uh-oh case is VR. I just typed 5 chars at a time in the headset and then looked at my phone. The occasional cost is worth it though, only adding ~30 seconds
On my Android TV, I can use my phone as a remote keyboard and copy/paste. But there are some apps which design their own inputs incompatible with the remote keyboard. When this happens I can plug in my physical keyboard directly to the TV.
I use keepassx, a local password manager. I don't trust centralized online password managers with browser extensions. Huge attack surface. I copy and paste usernames and passwords.
Same. Where do you keep the db file? Mine's in the cloud and I can't help but think it reduces security, but then I need access to this data from various locations.
I worry about this too. I store the database itself in Dropbox, and I also use a keyfile alongside the password to open it. I can easily recreate the keyfile on any computer, but it never goes anywhere near the internet.
In addition to that, for my really critical "gatekeeper" accounts, I don't put the full password in the database. Just a reminder that this is a "special" password, which needs to be combined with another bit of info in order to work.
I just live with the fact that I can't use this system on my phone, and for my usage patterns, that's fine. There's nothing I need to do that's so urgent that it can't wait until I'm back in front of my computer.
I also do that (almost, keeweb + dropbox) and copy paste logins, but a serious problem is that you need to clear the clipboard after, otherwise any other site you visit can read it.
I use BitWarden, and they let you self host the service if you want. I haven't done it yet, but I'm definitely considering it. However, passwords are encrypted on your machine then uploaded, so it's a bit more secure than them managing everything on the server.
What bank/card allows you to create unique credit cards with separate limits? The one I was using (Swedbank/visa/mastercard) stopped providing this service last year.
Privacy.com allows you to create virtual credit cards once you connect a source of payment to your account. Can be bank or debit card. I personally create one credit card for every paid subscription I have with the limit set on the amount that's supposed to be debited (eg. Monthly limit on Tidal charging $20).
Privacy is a game changer for online transaction security imo. An additional benefit is the ability to subscribe to "try free for a month but oh wait we need your credit card info first so when you forget to cancel we'll keep charging you". Simply create a virtual card with single time spend limit $1 less than the monthly subscription charge, and you can rest assured that your one month trial is a one month trial.
In order to use Payment Services, you must be at least 18 years old. You confirm that you are either a legal resident of the United States, a United States citizen or a business entity authorized to conduct business by the state(s) in which you operate and that you are an authorized signatory for the business you represent.
Revolut standard account (w/o monthly fees) gives you a Virtual Card which I use when I don’t trust the site I’m buying from and after the purchase I just freeze it.
With the premium cards on top of other perks there’s also Disposable Cards which creates a virtual card for every transaction you want and as soon as that card gets used, it’ll destroy it and create one brand new.
For separating limits you can create multiple virtual cards each with limits once met will freeze the card.
Citibank offers virtual credit cards. Once they are used by one merchant, they can not be used by any other merchant. On top of that, you can optionally give them money and time limits.
I rather like this feature from CitiBank. I hate the interface, but the feature is great. I can use it to sign up for monthly services that I'm unsure about. If I don't want to go through the hassle of canceling the service, I just don't renew the cards.
I also use it with sites I don't necessarily trust, like a random auto parts store. If it were a tad easier to use, I'd use it for nearly everything.
What about using a completely segregated secondary account? I have a Simple account, and that's all I use it. I only ever have a couple hundred in there at any time.
What makes you trust LastPass that they won't sell/leak/expose your passwords from some backdoor or under the table deal? I'm asking because this is not a public company or an entity that can be held responsible in any way for such an act. It's just another startup obligated to make their investors 10X returns. I haven't read their agreements but I'm pretty sure any lawyers of such companies have enough clause to absolve them of any such acts.
They don't, officially. Nothing is stopping them from updating the client to siphon your passwords or the encryptuon key, though. This is a problem all password managers have.
It would be nice to have some kind of communication protocol that could be provably restricted from passing whatever the company wants.
They do store your "vault" on their server. It's encrypted though using key that doesn't leave your computer. However I can easily imagine deliberate as well as innocent "mistakes" in browser plugins and other weak links in architecture that would expose the master key and hence your vault.
Its unfortunate that privacy.com is only for US residents. Does anyone know of a similar service that's available for Europeans as well? Specifically the virtual card feature. Most of the services that I've seen to offer something like this are for EEA residents only. This seems to be a new restriction imposed by Visa/MasterCard.
You also hit on a very easy solution to for those who aren't going to go to those extremes: be sure your notifications are set up. Getting an email within minutes of every purchase or paid bill has been great.
I have a hard time trusting _any_ of the password services that host my passwords.
Single point of failure. Even if they claim they're "encrypted so that even THEY can see them", it's so easy to mess up encryption, it makes it a single point of failure.
I still share passwords between my devices though, but instead I use KeePass along with the Android app. For less critical passwords I let Chrome keep them; I _mostly_ trust Google, and non-critical passwords are exactly my level of trust of Google.
And I also trust Google to share my (encrypted) KeePass file with my devices. But now it's two points of failure: Someone would have to break into a private Google Drive, get my KeePass file, and break the KeePass encryption.
And I trust _both_ KeePass _and_ Google more than I trust Lasspass to get security right.
Yep! You can create "burner" cards that become invalid after one use. I actually never use that feature, because sometimes vendors screw up and have to put the charge through a second time or whatever. Instead I set a lifetime spending limit $1 higher than the purchase I'm making.
Interesting. I literally don't care if my CC information is stolen from a merchant -- I have zero liability for fraudulent use on all of my cards. Why do I want the friction of privacy.com?
The one thing that is cool, for items that don't have to ship in the mail, is the ability to use any name and address whatsoever with the merchant.
For that reason they normally provide download/print links. Sending invoices/statements/pii through 3rd-party corporations through email is a privacy concern. Companies need to be able to control the entire loop to ensure privacy, which is why they are moving to the portal model with email alerts.
Email can be encrypted. Besides that most of the time these very same services have (broken) password reset processes that rely on that email address anyway so the security improvement is nil in practice.
No medical practice, HOA, etc. is ever going to ask its patrons to fiddle around with PGP. The receptionist is not going to ask my grandmother for her public key before her hip replacement. Email functionally cannot be encrypted unless all parties to the conversation are in a tiny cohort of computer enthusiasts.
Password reset is a noisy, active attack compared to eavesdropping somewhere in the path of an email.
No, it is not. My email account is - obviously to say 'secure' as a binary proposition is inappropriate, but about as secure as anything on the Internet ever gets for most people. Training people to click an email link and type their password into the resulting page, by contrast, basically throws the entire concept of security out the window.
This is exactly what has me excited about the new content model for the web Eich proposes. I just commented in another thread [1] but essentially:
1. enable donations / tips / subscriptions to sites using a browser-native crypto wallet
2. use ZKP anonymity
This enables a publisher / subscriber business model of 'dollars without data'. Which should really be the Minimum Viable Product for a publisher.
PII data for marketing is the icing on the cake for publishers, but the bar is high (and getting higher) around sharing that, and many of us want to support sites, but don't want to go through N+1 payment gateways and digital identity forms just to read some content.
From this perspective I see Brave and BAT as enabling a very old model: I give you a quarter, you give me your newspaper. End of story.
I'm very excited about Sovrin and other Self-Sovereign Identity solutions. As one of the engineers at Mainframe (we're building decentralized, unstoppable apps that keep data and relationships in control of the user) I think what you're talking about is one of the top two value-adds for decentralization for western societies.
Brave and BAT are attempting the same thing from a slightly different direction than we are--they are attempting to bring privacy to partially-decentralized apps; however, I don't think this will ultimately succeed--privacy is broken by the weakest link. As soon as you allow some connection to some server somewhere that's exfiltrating your interests, you now have advertisers lining up to buy that data and exfiltrate more. As far as I understand the "hybrid decentralized app" model, where DNS and web2.0 are allowed, you permit these weak links to exist.
> One new development is that you used to be able to get your invoices mailed via snail mail. Then that disappeared and you got your invoices mailed via email. Then that disappeared and now you have to create an account on some portal so that you can download your invoice. So that's one userid/password combo per business relationship or service that you use privately.
It's annoying being on the other end of this: management deciding, for cost reasons, that snail mail is out and email is in.
Somebody else then worries about the risks of emailing documents that contain private information.
I think a case can be made that some kind of email token login is the simplest solution here: passwords only introduce another attack vector since you can usually reset them by email.
Companies hate users who don't want to sign up. They do not want that relationship. So it's a win-win if you dont' sign up. Why would companies feel obligated to generate content for free?
If their systems get hacked and they have your snail mail address, they get your snail mail address as well. Email doesn't change that story.
Yes. The strategy is to generate SEO for every possible question someone could ask on Google and then link it to Quora.
It had amazing content in the early days and still has great answers but the sheer number of nonsensical or slightly tweaked but endlessly repeated question is driving away writers. Paying people to post these questions is just backwards.
Snail mail is already gotten. I get junk mail from 8 different past tenants at my unit, and I'm sure I'm still getting junk mail at all my old addresses. Google your name right now, and I guarantee you will find your address and other personal info on one of those dime a dozen background check sites, because companies have operated under the philosophy that your phone numbers and physical addresses are public facing information that you could find in a phone book, and are free to sell or pass along.
physical mail is hardly more secured than email. 'literally anybody' could is in front of your house and fish all the mails straight from your mailbox while you are at work.
It's more secure in that stealing mail off endpoints requires the physical presence of, and personal risk to, the thief, and it's not scalable short of getting an army. By contrast, email can be stolen in bulk by one person anywhere in the world, from the comfort of their home or office.
This is an example where they decided their business model trumped user security. It’s hard to monetize an easy to access collection of free data. I hope we can find better ways to fund internet services than by consuming data from the users.
I got an email that included “personalization data” in the list of data types that were stolen. The help page also says that information on “actions” was stolen.
Does this mean that every question or answer I’ve viewed is now in the hands of the attacker?
Very likely. They had really poor privacy practices. At one point, a 'feature' was displaying in a sidebar who all were looking at a given question. Great for people looking for resources on gay rights, domestic violence etc. /s
Quora does not only want you to sign in, they want you to show your real identity instead of a handle or another pseudonym. For a simple online service, it should never be necessary to use your real identity, if only as a privacy-enhancing measure.
As a reminder: Last year, Quora moved to 'new anonymity', i.e., no more anonymity. I had received the following message on 16 March 2017:
Hello! We will be moving to the new anonymity on Quora experience very soon. If you would like to edit or delete your existing anonymous content in the future, please provide your email here before March 20, 2017. You are receiving this message because we have not yet received an email from you. Please note that if you do not provide your email by March 20, 2017, you will need to contact us using our Contact Form and selecting “I need help with my account.”
Use a social login. If you for example use gmail for email, then it makes no sense to create a password as opposed to just logging in with your google account instead.
Suggestion: If you want to prevent the next leak from affecting your personal data then close your account (if you have one) and send them a GDPR Erasure Request: https://opt-out.eu/?company=quora.com#nav
Just last week I wanted to look up how much I bought some appliance for, five years ago. In the e-mail I see a link that is supposed to let me download the invoice... which of course no longer works because they have updated their ordering/billing system.
> This is why I hate companies that force you to sign up to gain access to content
I always found Quora's use of dark patterns and baiting you in from search engines then blocking the content particularly egregious. Always made me surprised anyone held that site to such a high standing and I can only imagine it's because the advocates never knew how awful the experience was without an account.
That's because a few years ago a website that let you login meant it was a "real" website. Look at phone systems. Every one you have to deal with says please listen carefully as our menu options have changed. Then they lead you through an audio menu with the same bullshit that turns a 15 second interaction into one that could last hours over multiple phone calls.
My point is people do cargo cult everything. Could the service be BETTER without forcing the user to sign up? Inconceivable! Everyone knows you should force users to sign up.
Yes, but they also allow organization accounts now, and they're rather slow at dealing with spam so around half the people you see are using fake names.
524 comments
[ 2.6 ms ] story [ 294 ms ] thread---
Based on what we have learned, some of our users’ information has been exposed, including:
- Account information (e.g. name, email address, encrypted password, data imported from linked networks when authorized by users)
- Public content and actions (e.g. questions, answers, comments, upvotes)
- Non-public content and actions (e.g. answer requests, downvotes, direct messages)
Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.
---
What information was involved
The following information of yours may have been compromised:
Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)
Non-public actions, e.g. answer requests, downvotes, thanks
Non-public content, e.g. direct messages, suggested edits
Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.
Conclusion
It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.
The toughest ones here are my online banking and my online health portal, but other than that, I have gotten pretty picky about what information I give any company.
I feel that for every company that self-reports a leak, there are multiple other companies that have leaked your data and either haven't discovered the breach, refuse to disclose it, or flat out sold your data to the highest bidder.
As a counterexample, it seems that Newegg had a massive breach (thieves installed JavaScript that skimmed credit card numbers for weeks) in August, and even though my credit card was likely stolen, I hever heard about it from Newegg.
Our federal government is beholden to corporations, so I don't see any legislation ever happening to punish nor place a regulatory significance on breaches.
If the Equifax debacle didn't move the needle, nothing will. How they didn't get a death penalty for not protecting one of the supports of our financial system I will never know.
As the parent said, I've just assumed all my data will be breached eventually. When it occurs I dutifully sign up for the monitoring offered and make sure to review things on a monthly basis.
Your comment on breach notification is spot on. WISH.COM has suffered down line breaches in their process and it is easy to prove by the use of virtual credit card numbers ... numbers that are generated and used at only one site. They have been silent when it is reported to them.
and then the monitoring company gets breached.
I don't give any real info besides my first name to any site that doesn't have a legitimate reason to need it. If they force me to confirm an email address, depending on the site, I may use one of my main emails, or may go generate a disposable address.
It helped me find out a couple of local companies that are selling my data to spammers.
Well, there's the obvious comfort of having all your mail in one place -- and all the obvious disadvantages that entails, I suppose.
[1] https://www.thewindowsclub.com/gmail-address-tricks
Although many services are getting wise to many of these services and not let you sign up with their domains.
John.smith@gmail.com
Johnsmith+quora@gmail.com
Johnsmith+equifax@gmail.com Etc...
I've received recruiter spam to "<my_email>+fuckyouadobe@gmail.com". Turns out when I was forced to signed up for an Adobe account years ago I'd added "+fuckyouadobe" to my email and, of course, Adobe was inevitably hacked. The leaked database had somehow made its way into recruiter software. The recruiter told me their vendor and when I got in touch with them (Aevy.com) they, of course, had no idea how that email got there.
Sadly these days people are probably smart enough to strip out these additions to gmail addresses. I would guess that's what Aevy did after I reached out...
Anything that can go wrong, will go wrong [0]. Anything that's isn't disallowed by quantum mechanics, will eventually happen [1].
So, if businesses made it cryptographically impossible to leak data, maybe it wouldn't happen, assuming it is even possible to make it impossible...
[0] https://en.wikiquote.org/wiki/Murphy%27s_law
[1] https://en.wikipedia.org/wiki/Totalitarian_principle
The address I gave Quora isn't in the hands of spammers yet, which is a mildly good sign. But normally it takes a while for an address to get out to the bottom-feeders, so we'll see.
Can you go into detail on this? What exactly do you mean by tagging? Just wondering in case I want to do the same.
I especially like financial companies that have you login by using symantec VIP[1] which you append to your password. There's no way anyone thought that was a good idea. They did it that way because they had a worthless legacy authentication stack they couldn't rewrite, didn't understand 2FA well enough to implement it themselves, went with Symantec because "nobody ever got fired for contracting $importantfunction to $bigcompany", and the only way they could shoehorn any 2FA auth into their login flow was to concatenate it with the password.
[1] If you haven't had the pleasure of using it, it's a proprietary 2FA app that has a single seed per app install, shared between the app and symantec's database. It generates 6 digit codes that make it look similar to standard TOTP, but it's not TOTP. If you need to use it for multiple websites, you give them all the same seed hash (displayed by the app) which they use to synchronize your auth credentials with your account at symantec. IOW, it doesn't scale securely. There's also no way to have a backup 2FA device with this system; at least the two companies I've used it for haven't let me set up my account with two VIP apps on two different devices. Since normally you'll only have a single 2FA device using this Symantec VIP service, that means you have to go through a manual, insecure identity verification process to get back into your account if your one Symantec VIP device gets lost or broken.
https://www.cyrozap.com/2014/09/29/reversing-the-symantec-vi...
https://mobile.abc.net.au/news/2018-12-03/commonwealth-bank-...
Oh yeah. Right...
It's a valuable lesson in "don't keep data you don't need".
EDIT: A little backstory for non-Quorans. Until early 2017, anonymous Quora answers and comments were anonymous to the public but not actually anonymous in the database (they were still "your" entries). In early 2017 they (presciently) made all this content fully anonymous, even in the database.
Both are valid lessons. One is from the businesses perspective and one is from the user's perspective.
> Is content posted anonymously still secure?
> Yes. Anonymous content cannot be connected to user accounts, so content posted anonymously is still secure.
https://help.quora.com/hc/en-us/articles/360020212652
Unfortunately, though, most companies operate under the "keep data you might eventually need" principle.
Now... if the emails were logged and in the exploited database, then all bets are off, but there's no indication that happened at all.
There are about a hundred other things about this that give me anxiety, but Quora is run by extremely competent people (engineering and otherwise), so I am pretty confident about their ability to be transparent and to know the extent of any issue.
This entire thing is really shitty for everyone involved, but given Quora's tenure (almost nine years!) that this is the first breach is pretty amazing, and that they've done so much work to make it less of a problem is great.
None of the above is meant to diminish the general dissatisfaction others are expressing here.
I am sorry but this is #ShitHackerNewsSays worthy. Let me fix it for you
>given Equifax's tenure (almost 119 years! Since 1899) that this is the first breach is pretty amazing
Better now? Downvote me if you want, but there are no pats in the back for having PII leaks, no matter the years.
Another set of 5 data breaches at Equifax dating back to 2013 (some but not all of these overlap with the Wikipedia reference) (https://www.forbes.com/sites/thomasbrewster/2017/09/08/equif...)
I would not be surprised if Equifax has been "breached" more than a hundred times over its history. Do your research.
Flagged.
I hope lesson should be learned: don't force users to register just because you can
The first rule of Web 2.0 is still true: if you are not paying for the product you are the product.
I get that this is not their main business model, and that their customers that they bundle and sell consumer data to are more valuable. But end users, in this case, are still customers. They still pay money and get a service in return. Contrasted with e.g. Google services, it's a different scenario.
Or are they trying to adjust, and the attacks are getting so sophisticated that the pace of investment in counter-measures is below that of the pace of advancement in the complexity of attacks?
Or something in the middle?
Of course, this model assumes that as soon as you have penetrated the perimeter, the rest becomes easy. This is the more traditional model. People are increasingly adopting a you-are-already-hacked approach, which makes it harder to move laterally once someone gets in. However, the general challenge still applies.
It’s not really a security issue as much as an incentive issue.
Once you understand how difficult attack mitigation is, then you can pick and choose from a variety of factors:
- executives may not have a realistic understanding of how difficult attack mitigation is so they don’t allocate the resources for hiring
- incompetent admins overestimating their abilities
- competent admins who are underfunded
- incompetent admins who underestimate the value of the data they’re protecting
- competetent admins who may not have an accurate picture of what data they’re trying to protect so their threat model is flawed due to inaccurate information
- executives who are aware of how difficult mitigation is but don’t place customer data privacy as a priority.
- the current iteration of our growth obsessed corporate models unintentionally results in a race to the bottom in many ways.
- little incentive for companies to factor in social impacts as we don’t yet seem inclined to figure out a way to include impacts on society as one of the many metrics to measure a company’s success or failures.
It’s worth remembering though, even the most responsible, most well funded, most security conscious, and best staffed organizations have been compromised at one point or another—security is hard.
Luckily you can sign up for Quora with any name and email. You have to assume that no matter how hard a site tries to protect your info, it will get compromised sooner or later. The best they can do is what Quora does: demand as little info about you as they need.
In addition to that, attackers only have to get lucky once, the defenders have to check every entryway.
Offense needs only one hole, whereas defense needs to plug all, including human behaviors. When the offensive side finds a new attack, they can often try and see which of the victim is vulnerable, thus the offense can pick and choose among many potential victims, whereas the defensive side needs to defend from all attackers. The information, once leaked, can't be recovered - i.e. once exploit is successful, there's no "recovery" available.
All of those factors combined make defense orders of magnitude more difficult - in terms of careful attention to detail, in terms of manpower, in terms of human training and vigilance, etc. For those reasons, the best defensive strategy is to minimize the information you need to protect.
No details on the hashing scheme used though, so we don't really know how easy it'll be for the attacker to brute force the password hashes.
I hope they mean hashed, not encrypted.
They can rightfully say "encrypted" to a lay audience because the definition of encrypted is not so strict as to require decryptability, but why would they say that the password might be exposed?
[0] https://help.quora.com/hc/en-us/articles/360020212652
How likely it is your password gets brute forced really depends on the hash function used. If it's md5... all but the strongest password could be broken. (though at least the passwords were salted). If they're using something like bcrypt with a work factor of 10+, it's a different story and only the weakest passwords are at serious risk.
The fact that details on the hashing scheme aren't shared makes me assume it's not great...
And then this happens!
Would be nice if websites measured user activity and could 'lock out' or otherwise release their data if they never use the site; at least, confirm with said user via email if the account is needed.
But in this era, I'm sure companies would prefer to keep whatever data they can get.
Also, it's implausible to me that selling the data wouldn't come out eventually. As we saw with Cambridge Analytica, even pretty obscure uses of data can eventually turn into giant media exposure for privacy breaches. The brand damage is is very expensive. Facebook's market cap is down something like $100 billion; there's no way they could have made that kind of money from trying to quietly sell copies of their data.
They are hiring people based on leet code questions and school prestige and not based on real technical knowledge about systems. Their business people are top school MBA grads with no security domain expertise. They then proceed to build massive data collection programs using open source tooling that non of them fully understand. Their business model depends on that data and monetizing it in various ways. An so the complexity of their application goes through the roof with regards to user data. Their user facing web apps are the tip of the iceberg for a massive surveillance scheme.
Isn't that true for almost all companies based in the Sillicon Valley?
Nothing insightful. I'm just here to kick them while they're down.
If you want anonymity there are other platforms for that, stackexchange for example.
Ask MetaFilter is a much better Yahoo Answers, but I can be pseudonymous there. Also, my pseudonym is much closer to a real identity than what's on my driver's license.
I don't have any real reason to fear sharing my "real name" with Quora. I'm lucky. But I'm not the only person in the world. Good thing I'm not trans or a religious dissident. Good thing the only thing stopping me from contributing to Quora is my ornery nature. I would hate to for the world to miss out on my Quora contributions for a good reason.
Good thing Quora doesn't have my "real name" is all I'm saying. I have an interest in privacy, even though I use the same pseudonym as my identity on LinkedIn, Twitter, Facebook, and Instagram. And Ask MetaFilter. And so many other places. I shouldn't have to beg to use my preferred name on Quora's bulletin board, regardless of my reasons. It's none of their business.
There's nothing about a "real names" policy that automatically turns a shitposter into a quality contributor. There are plenty of reasons not to wear a target on your back and self-doxx. Today's misadventure is one very good reason.
There's an example that just happens to be the greatest knowledge platform ever built in world history. Wikipedia allows non real name contributions. Plainly next to that, Quora has no legitimate excuse for requiring real names to ensure quality. It's for one reason: $$$. They have to figure out how to reach a $3b valuation at some point so their VC owners can get a reasonable exit. It guarantees an inevitable disaster for a knowledge service. The conflict between quality and always needing more and more junk content to slap ads on and allowing for abusive business practices to reach for that fat exit for the VCs. And if you don't do it, they'll put someone in charge that will. Unless you can find another business model as Stack Exchange did, stay private & small/lean (so you don't have to try to pretend to be a $3b company when your business model will never legitimately get you beyond 1/20th that), or go the donation Wikipedia route.
I think part of their reasoning is "hey, we have prominent users! Let's make sure everyone knows it!" But Ask MetaFilter has famous users. They are in no way diminished by my pseudonymity.
Plus I know how to change my name. I can spend $100 at the courthouse, and get an ID that would force Quora to let me use my preferred name. My point is, Quora doesn't get to be the impetus for my legal name change. I don't need Quora's permission to call myself what I prefer to be called.
Edit: I don't have any affiliate etc association with them.
Your name just didn't provoke their Real Name Gestapo.
One new development is that you used to be able to get your invoices mailed via snail mail. Then that disappeared and you got your invoices mailed via email. Then that disappeared and now you have to create an account on some portal so that you can download your invoice. So that's one userid/password combo per business relationship or service that you use privately. Healthcare, HOA, insurance, payroll etc., every bloody two bit player requires you to log-in to their oh-so-secure service rather than that they send you your stuff. Which requires a ton of overhead and - sure enough - sooner or later they get hacked because by then the amount of data they hold on to is more valuable than their security could reasonably be expected to defend.
https://thehackernews.com/2017/02/password-manager-apps.html
Oh, and OAuth is a similar coping mechanism. You shouldn't need to log in to something to browse the web!
We stopped using sites built by amateurs in their spare time and demanded "beautiful user experiences" that we didn't pay anything for. That costs money, so people who wanted to solve that "pain" looked for business models that meant they could deliver what people want without charging directly. Hence we have an Internet driven by advertising and privacy violation.
This model doesn't seem bad, advertising without tracking.
We didn't demand shit. We only chose from what was available. People trying to make money on-line have, over time, perfected both the design and the business models. At every step of the way, we had a choice between status quo and this new service that's prettier and offers more, for free, with user-hostile monetization scheme that wasn't immediately apparent. Step by step, we've been had, like the frog in the boiling frog fable.
For example, the water company. I know the water bill is usually $50 or less, so I set the limit to $60/mo. As it turns out, they did get breached. I got an alert about someone who isn't the water company trying to hit the card for 80 cents. Most card runners use amounts under $1 because most credit card spending alerts have a $1 minimum. But privacy.com warned me, so I warned the water company, who was very thankful. Turns out their 3rd party provider had been breached and they were grateful for the alert too. Ended up saving a few thousand of my neighbors a lot of headache.
[1]: https://www.bankofamerica.com/privacy/accounts-cards/shopsaf...
[2]: http://www.citibank.com/transactionservices/home/card_soluti...
I assume it's because the whole industry prefers data-brokering your purchase history, joined on credit-card # to establish identity.
I know FB & Google purchase something like that from one or two credit card companies, so I wouldn't be surprised if merchants were in to it too.
The virtual cards don't have separate spending limits, though, so it is not quite as good as BofA or Citi for use with questionable sites.
OTOH I do care about my name, address, and other PII being stolen. That is where privacy.com is a help. But not because it protects me from CC loss.
A few weeks ago I saw bitwarden finish their third party security audit and took the opportunity to jump. Couldn't be happier. Autofill fails less, the "copy password" menu works, the mobile experience isn't intentionally broken to sell an app, and export->import went without a hitch. Better, actually: it is the first time I have done an export/import and had the resulting data immediately work better in the second app. There's also the hope-springs-eternal factor of bitwarden giving me the option to host the sensitive stuff myself once I get off my butt and set up that server I've been meaning to for a while now.
If you're thinking about lastpass, save yourself the trouble and try bitwarden first. Or something else, but bitwarden has been good to me and lastpass, well, hasn't, to put it politely :)
I will give Bitwarden a try.
Do you access kbdx files on mobile devices? If so, what do you use?
The biggest problem with MiniKeePass, in my opinion, is that it doesn't support the new iOS autofill API and that it doesn't support even basic syncing. You always have to make a manual copy of the database file and you can't really create logins on mobile because of that.
There's a fork of MiniKeePass called KeePass Touch, but they don't publically host the source code anywhere. You have to email them to ask for a copy of the source code, which is technically GPL-compliant, but a bit annoying.
Is anyone aware of a technical reason that copy to clipboard is absent in Firefox, or is just laziness? If laziness, I'll dump them tomorrow.
(Not that this whole thread hasn't had me re-evaluating whether there's a better solution for me now.)
I've used both extensively and Bitwarden is just a dramatically higher-quality app it's not even funny.
Very happy with 1PasswordX (the browser-only version) - filling is much better, copy is supported out of the box, support have been very helpful when I've reached out. Much better customer experience.
However. Still can't uninstall 1Password. Haven't figured out where to store notes (meta) in Keychain. Stuff like "Name of your first pet?".
I tried to switch to pass, and I'm not sure if it was something to do with how I imported but it didn't list my passwords and the browser plugin was clunky and didn't work. Anyone had success with pass/gopass.
Bitwarden seems like a happy Medium, I'd rather not do my password ops. The pricing seems fair (and rather optional). I'll try it, thanks.
I like the model a lot, because it solves the "database ownership" issue, where your Password provider (be it LastPass, 1Password, etc) becomes in itself a weak link.
I switched to 1password which - at least at the time - offered a web-based fallback hosted from your own dropbox. Plus at the time you owned the data and were responsible for storing and syncing it. Dropbox support came out of the box but if you want you can use a local file.
I used to be a 1password user, but they were pushing their premium, cloud-based offering a lot and lacked Yubikey support so I switched away.
On the Mac, KeePass now feels like a better experience than having to pay a subscription for 1password.
The worse thing that happens to me is if I generate a password, and then Lastpass doesn't save it! It feels like a 50% shot it will actually save the generated password.
I have nearly 1000 passwords stored in it now, so it's going to be a huge pain to migrate.
If you load the same site using "load desktop site" the UI gets fixed.
Also that site looks like it should be selling something but I see no money hole - should I be worried?
[0] https://www.passwordstore.org/ [1] https://github.com/passff/passff#readme
This is kind of yikes for a password manager too: https://github.com/bitwarden/core/issues/399
But it's also pretty much the only polished open source password manager there is out there.
For now I'll be sticking with 1password, but might check out bitwarden again once they have tests and more maturity as a password manager.
I switched over about a week ago and find it pretty solid, but it's missing alot of the quality of life features that last pass had. You can't just hit command + c whilst on a entry and have it copy the password, they haven't implemented the new ios 12 features that make password managers much better on ios.
I'm running them both right now as I'm not fully committed to the switch over, but I'll see how the features get added over time.
We have a tendency to compare opaque with transparent and balk at what we find, but I question what you would feel if you could see through the opaque.
And if you look at their jobs page, one of the job description points is "Create unit tests for existing code to run faster and more reliably.": https://1password.com/jobs/droid-builder/
They might even have a few QA people AFAIK!
I understand why the single founder / engineer of bitwarden doesn't have tests. When you're a startup not writing tests can speed you up significantly. But after a certain point they are going to need automated testing, especially for something as vital as this.
For me, the lack of open source in 1p has been a sticking point, and I was planning to migrate after the audit. But seeing no tests, 1p documenting their security model and bitwarden not being good enough compared to 1p in UI has me sticking to 1p for now. I have high hopes that bitwarden will get to that maturity point one day.
I would like to also recommend the Firefox extension 'Kee' for autofill. On Android there is the 'Keepass2Android' app. Both are open source and work well.
I also recommend the KeePass plugin 'Yet Another Favicon Downloader'. It downloads favicons from websites for your password entries.
Also 'Keebuntu' is a plugin that makes 'minimize to tray icon' work for me on Linux.
1: https://keepassxc.org/
I run a unique password for every site so it doesn't matter if a provider gets rumbled, and I don't reuse passwords or have to remember multiple ones.
The form autofill is pretty awful compared to Lastpass, but I can live with that.
tos:
> You may use our Services only as permitted in these Terms, and you consent to our Privacy Policy at https://www.logmeininc.com/legal/privacy, which is incorporated by reference.
pp:
> When you use our Services, we receive information generated through the use of the Service, either entered by you or others who use the Services with you (for example, schedules, attendee info, etc.), or from the Service infrastructure itself, (for example, duration of session, use of webcams, connection information, etc.) We may also collect usage and log data about how the services are accessed and used, including information about the device you are using the Services on, IP addresses, location information, language settings, what operating system you are using, unique device identifiers and other diagnostic data to help us support the Services.
> Third Party Data: We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. We may also receive information from other affiliated companies that are a part of our corporate group. This helps us to update, expand and analyze our records, identify new prospects for marketing, and provide products and services that may be of interest to you.
> Location Information: We collect your location-based information for the purpose of providing and supporting the service and for fraud prevention and security monitoring. If you wish to opt-out of the collection and use of your collection information, you may do so by turning it off on your device settings.
> Device Information: When you use our Services, we automatically collect information on the type of device you use, operating system version, and the device identifier (or "UDID").
and
> Some specific examples of how we use the information:
> * Conduct research and analysis
> * Display content based upon your interests
> * Market services of our third-party business partners
and
> 4. Information Sharing
> ... We may share your personal information with (a) third party service providers; (b) business partners; (c) affiliated companies within our corporate structure and (d) as needed for legal purposes.
and
> Examples of how we may share information with service providers include:
> * Sending marketing communications
etc...
In both cases once there's physical compromise, if they have the "master" password you're screwed?
I presume they use clipboards for the pasting, or do typing that could be captured bya keylogger.
It’s all good though. Knowing I helped thousands of my neighbors is compensation enough. Besides, if they gave me a credit, they’d have to hike everyone’s bill to compensate!
I know I'm a cynic, but it takes all sorts of people.
I’m using two personal domains fo host my own email. One domain is purely for registration/junk purposes and it forwards *@junkemail.com —> junk@myemail.com.
The same server uses nextcloud for calendar/contacts/webdav
I use the password manager Enpass which can sync via webdav across my devices.
Everything selfhosted and emails/credit cards disposable
I'm certain none of those 3rd-party connections are necessary and yet... like muscle-memory... devs continue to thoughtlessly invite tracking.
[0] https://privacy.com/security
Fonts and other stuff from google and facebook is just a small piece of the puzzle.
The TV should display (or maybe email) a link that I would visit with my primary web browser and grant it permissions - or ask for a password as a very last resort for users who have no computer/phone but somehow have Netflix.
Of course, when you only have one logged in device and it's tied to a different room, it's mildly irritating, but you only do it once.
I can't trust a website to keep all my passwords.
In addition to that, for my really critical "gatekeeper" accounts, I don't put the full password in the database. Just a reminder that this is a "special" password, which needs to be combined with another bit of info in order to work.
I just live with the fact that I can't use this system on my phone, and for my usage patterns, that's fine. There's nothing I need to do that's so urgent that it can't wait until I'm back in front of my computer.
Privacy is a game changer for online transaction security imo. An additional benefit is the ability to subscribe to "try free for a month but oh wait we need your credit card info first so when you forget to cancel we'll keep charging you". Simply create a virtual card with single time spend limit $1 less than the monthly subscription charge, and you can rest assured that your one month trial is a one month trial.
Because then you can get one from transferwise.
In order to use Payment Services, you must be at least 18 years old. You confirm that you are either a legal resident of the United States, a United States citizen or a business entity authorized to conduct business by the state(s) in which you operate and that you are an authorized signatory for the business you represent.
https://privacy.com/terms
With the premium cards on top of other perks there’s also Disposable Cards which creates a virtual card for every transaction you want and as soon as that card gets used, it’ll destroy it and create one brand new.
For separating limits you can create multiple virtual cards each with limits once met will freeze the card.
I also use it with sites I don't necessarily trust, like a random auto parts store. If it were a tad easier to use, I'd use it for nearly everything.
It would be nice to have some kind of communication protocol that could be provably restricted from passing whatever the company wants.
You don't have the time to:
- audit the source code
- check every auto-update hash matches the main hash list "just in case" you get a special update just for you
If you turn off auto-update, you will eventually get hacked because of bitrot
Would be nice to have privacy.com more widely available.
You can have up to 5 non-disposable virtual cards.
Single point of failure. Even if they claim they're "encrypted so that even THEY can see them", it's so easy to mess up encryption, it makes it a single point of failure.
I still share passwords between my devices though, but instead I use KeePass along with the Android app. For less critical passwords I let Chrome keep them; I _mostly_ trust Google, and non-critical passwords are exactly my level of trust of Google.
And I also trust Google to share my (encrypted) KeePass file with my devices. But now it's two points of failure: Someone would have to break into a private Google Drive, get my KeePass file, and break the KeePass encryption.
And I trust _both_ KeePass _and_ Google more than I trust Lasspass to get security right.
The one thing that is cool, for items that don't have to ship in the mail, is the ability to use any name and address whatsoever with the merchant.
Password reset is a noisy, active attack compared to eavesdropping somewhere in the path of an email.
1. enable donations / tips / subscriptions to sites using a browser-native crypto wallet
2. use ZKP anonymity
This enables a publisher / subscriber business model of 'dollars without data'. Which should really be the Minimum Viable Product for a publisher.
PII data for marketing is the icing on the cake for publishers, but the bar is high (and getting higher) around sharing that, and many of us want to support sites, but don't want to go through N+1 payment gateways and digital identity forms just to read some content.
From this perspective I see Brave and BAT as enabling a very old model: I give you a quarter, you give me your newspaper. End of story.
[1] https://news.ycombinator.com/item?id=18595792
Brave and BAT are attempting the same thing from a slightly different direction than we are--they are attempting to bring privacy to partially-decentralized apps; however, I don't think this will ultimately succeed--privacy is broken by the weakest link. As soon as you allow some connection to some server somewhere that's exfiltrating your interests, you now have advertisers lining up to buy that data and exfiltrate more. As far as I understand the "hybrid decentralized app" model, where DNS and web2.0 are allowed, you permit these weak links to exist.
It's annoying being on the other end of this: management deciding, for cost reasons, that snail mail is out and email is in.
Somebody else then worries about the risks of emailing documents that contain private information.
I think a case can be made that some kind of email token login is the simplest solution here: passwords only introduce another attack vector since you can usually reset them by email.
Are there more elegant solutions to this problem?
If their systems get hacked and they have your snail mail address, they get your snail mail address as well. Email doesn't change that story.
It had amazing content in the early days and still has great answers but the sheer number of nonsensical or slightly tweaked but endlessly repeated question is driving away writers. Paying people to post these questions is just backwards.
Does this mean that every question or answer I’ve viewed is now in the hands of the attacker?
Your email address and hashed password being exposed is one thing. That information plus your search history is quite another.
Hello! We will be moving to the new anonymity on Quora experience very soon. If you would like to edit or delete your existing anonymous content in the future, please provide your email here before March 20, 2017. You are receiving this message because we have not yet received an email from you. Please note that if you do not provide your email by March 20, 2017, you will need to contact us using our Contact Form and selecting “I need help with my account.”
Would it be possible those logins are more secure?
I felt validated when I received the email from Quora about the hack to a fake email address and addressing me by a fake name.
I always found Quora's use of dark patterns and baiting you in from search engines then blocking the content particularly egregious. Always made me surprised anyone held that site to such a high standing and I can only imagine it's because the advocates never knew how awful the experience was without an account.
I feel Pintrest is very similar in that way.
My point is people do cargo cult everything. Could the service be BETTER without forcing the user to sign up? Inconceivable! Everyone knows you should force users to sign up.
- what doesn’t get hacked? Isn’t life a continuous trade-off between risks and chances
- If you’re afraid you’ll expose private information, then just don’t use a platform like that?
- these platforms use user generated content, true. But they provide the platform and the product. I think that is a fair deal.
Just be a nihilist, guys.