Isn't the value of two factor auth that it requires a physical device (your phone or computer) with the auth key to authenticate you? Then why don't many two factor auth apps seem to support syncing? If it's fine to do so, are there any open source cross platform apps that sync keys?

All I found was [this comment](https://www.reddit.com/r/Simplelogin/comments/y4qwgb/comment/isfqkaq/) about the difference. >Premium domain is only available when you have premium, because fewer people pay and fewer people use it, so there is less abuse and the domain name has better reputation, so when you public domain is not working, using the premium domain may be able to register.-

[https://reddit.com/r/privacy/comments/v624di/apple\_tracks\_you\_even\_if\_you\_dont\_have\_apple/](https://reddit.com/r/privacy/comments/v624di/apple_tracks_you_even_if_you_dont_have_apple/) >We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing. [https://www.scss.tcd.ie/doug.leith/apple\_google.pdf](https://www.scss.tcd.ie/doug.leith/apple_google.pdf)

Fingerprinting works by collecting bits of information about the browser and device to identify users. Couldn't browsers see when a website gets such info with JS and either prevent or ask permission from the user for the website to make HTTP requests to upload such information to the website. Idk if they do something like this already.

iOS is very good about sandboxing and only letting apps run things while the app is open and focused on. It shows green and orange dots when the camera or mic is being used, and none of my use them without saying so and they only do so when they actually need them. If that is the case, are there any potential privacy issues with it?

I've been looking at using email aliases services, and right now I'm thinking of using Simplelogin for all my online accounts and accounts where I can change my email easily, and getting my own domain to share with people and where I can't easily update my email. It seems like I shouldn't use my own domain for online services because it would be unique and can be tracked. I did lots of reading about this and am still wondering why someone would want to opt for catch-all domains over aliases. Catch-alls seem highly susceptible to spam and while I haven't actually done any email aliasing yet, it doesn't seem to take much effort to make a new alias if you have a plan with unlimited aliases.

I did the tests on fingerprint.com/demo/ and https://coveryourtracks.eff.org/ and they both said I have a unique fingerprint, even when I enabled `privacy.resistFingerprinting` to `True`.

https://themarkup.org/blacklight, I put in a few sites, including a full Reddit post URL and it reported 0 trackers. Does this site work well, are there other sites for seeing trackers on websites that work well?

I want a bulletproof way to give email sub-addresses, since some websites strip out special characters like `+` and `.`. I have an idea for how it could work, let's say my email is TheTwelveYearOld@Reddit.com and I have the following: * All emails sent to TheTwelveYearOld@ get blocked * I specify a suffix that would be used instead of `+`, perhaps "From" * I whitelist phrases that go after "From": TheTwelveYearOldFromDoorDash, TheTwelveYearOldFromGoogle, TheTwelveYearOldFromReddit Are there any services that can do this? I'm thinking I should make my own domain for emails that way my email addresses aren't tied to any companies and I can easily switch.