I have Instagram, but that's it for social media. I only use it for posting band shit.

I have a password manager and I use passkeys when available or 2fa.

I have a VPN, but I use it mostly for torrents. I check my dark web results and keep my passwords up to date with the password manager. That's probably the most proactive thing I do in regards to privacy.

My password manager has a feature that allows me to see if I have any vulnerable passwords due to things like data breaches and it makes resetting passwords easy. It's kinda like the Google dark web results, but interactive.

Some of you have mentioned the dark web. What type of shit you funny pervs look for?

andyman wrote: Thu Jul 31, 2025 6:25 am

Vibracobra wrote: Thu Jul 31, 2025 3:34 am Some of you have mentioned the dark web. What type of shit you funny pervs look for?

I imagine* cakes was probably referring to the fact that when companies have their servers hacked the user info can end up for sale on the dark web.

*I don't speak for cakes

That would be my inclination as well...

At last guess, I've been victim of at least six major data breaches (that I know of). I imagine many of you are in similar situations.

Experian and similar companies offer a service where they scour the dark web for your information (such as e-mail addresses, phone numbers, social security number, etc.) and then scrub it.

Usually, the company who lost your data offers you free identity protection service such as what I mentioned above for a year, but at this point I just subscribe to a service on my own because even after your data gets scrubbed, it always seems to show up again on the dark web sometime later.

The dark web is a reference to the parts of the Internet that are essentially black markets. There's more to it, but just know for this purpose it's where personal information is bought and traded.

The dark web results you get from Google, for example, shows you what private info of yours has been breached from what company/website. Sometimes it's benign, like your first name. Sometimes it's a password to or worse, you're ssn. It's an alert system to tell you what to look out for and react to high level beaches.

Watchtower in 1password does this, too.

Very useful shit.

FWIW, I have worked for many financial institutions and we have to go through basic privacy training for customers. A lot of it is just common sense. I am a software engineer, so I have a general understanding of how internet security works that most software engineers understand. My last job before my current one was in crytpo, and I learned a lot about cryptography. Our secondary business was with ransomware negotiation and resolution. I am by no means a security or crypto expert, but I have some direct experience with it and have seen behind the veil.

So, I would be happy to answer questions about privacy and internet security, the best I can, or at least point you somewhere for better answers.

I will say, the best way to sign into any account is with a passkey. If you don't have a passkey, then 2fa is better than nothing. Passkeys are amazing and they work in a similar way that cryptocurrency works. They are hard to hack, unlike 2fa, which has more than just technical possibilities to crack. It can include social engineering.

If you don't have a password manager, I would highly recommend one. But not all password managers are the same. I use 1password specifically because it's easily portable, has a way to share vaults with your family, but more importantly, they don't store your credentials. So, if you lose your password, the only way to fix it is by getting a new account and resetting all your old passwords.

What I like to do is save my credentials in a PDF that is password protected. With 1password, you can only sign in and authenticate with a combination of your password and a special key that is generated for you. So, if you lose your password and your key, you need to regenerate a key and create a new password. This is saved as a PDF, and PDFs can be password protected. I'm not saying that the PDF can't be broken into, but it's just another layer of security. Anything can be broken into, and it's not just decryption methods.

Also, one of the best password combinations is a grammatically correct sentence. Not only is it easy to remember, but it can be long and it can include punctuation. Sites that disallow certain password patterns are working against your privacy.

cakes wrote: If you don't have a password manager, I would highly recommend one. But not all password managers are the same. I use 1password specifically because it's easily portable, has a way to share vaults with your family, but more importantly, they don't store your credentials. So, if you lose your password, the only way to fix it is by getting a new account and resetting all your old passwords.

Other password managers that are trustworthy (so far) are:

Proton Pass - https://proton.me/pass
BitWarden - https://bitwarden.com

Both have code that is open source, meaning others are able to audit it. This verifies the safety and reliability of the software.

+1 on Bitwarden. Easy to use and will generate long passwords for you. Just make sure your password to get into BitWarden isn’t easy to hack. As others have mentioned, it doesn’t have to be a weird combination of letters/numbers/symbols - just a long phrase that is unlikely to show up on a rainbow table somewhere.

Is the password App on the iPhone equivalent to the password manager apps mentioned above?

Gramsci wrote: Sat Aug 02, 2025 12:16 pm Is the password App on the iPhone equivalent to the password manager apps mentioned above?

It has a lot of the same features, but it's locked in Apple's ecosystem - only usable on Apple products. Most of the others mentioned are usable on basically any modern operating system.

I believe the Apple password manager uses keychain. It's shareable among your devices and tied to your Apple account, which seems sketchy to me.