• 0 Posts
  • 15 Comments
Joined 1Y ago
Cake day: Jun 30, 2023


KeePassXC you would put the sync file itself into Syncthing or something, and then KPXC would resolve changes between the sync file and the main vault. I don’t use this method directly so I might be incorrect on the details, but it is possible to set up in a device-to-device manner.

You keep saying external server for Syncthing, but again: Syncthing does direct data transfers, encrypted end to end, between devices. It does not use cloud hosting or servers. It has the equivalent of a 90s FPS matchmaking lobby, so you can find your own devices’ latest IP.

You register the devices with each other with their generated ID codes. Then you ask the matchmaking server when it last saw that alias. It gives you the last IP that checked in with that unique alias. It then contacts that IP, and performs a handshake. If it passes, your two devices can now sync directly. The matchmaking relay has 0 data of yours, and 0 ability to associate your unique ID with a name, hardware, or anything other than a last-seen IP. When on the same LAN, devices don’t even query the matchmaking relay if you don’t want. It’s totally offline.

If you elect to, you can allow relays to let you tunnel if you have NAT issues, and your end-to-end encrypted data can be synced through a relay. In those cases then yes, you are extending a bare minimum of trust, and your fully encrypted data would temporarily pass through the relay’s RAM. If this makes you paranoid, you can easily add a password to the sync folder itself, encrypting it unless another user inputs the password on the other end. Adding another layer if you wanted.

I just get nothing from Bitwarden that Syncthing and KeePass don’t offer more easily. Syncthing works for tons of devices and other purposes as well, saving you from hosting a password-sharing-only tool, and just letting you use a direct device-to-device sync tool. I don’t know how or why you would have vault conflicts, but it really does sound like something fixable. Running this for years and I’ve never run into it.


This is one of the rare cases where I believe security through obscurity applies.

What is the most ripe attack target: the password hosting service with millions of user credentials, or literally some random IP address using Syncthing that could be sending literally anything, where you don’t know whether it’s passwords or porn?

Companies like Bitwarden and 1Password and LastPass are doomed to have failures, just like any major corporation. They are too big with too much attack surface, and clearly advertise that they have stuff worth stealing.

Me? My KeePass vault is synced via Syncthing with no relay data, so it only ever exists on my phone and desktop, and is encrypted with what is today functionally unbreakable encryption. Today at least (RIP when quantum chips get good).

And my data is a blade of grass in a field. Sure there is a narrow chance someone snooping on my entire geographic area and stealing packets like the FBI could grab some packets in transmission. But they show nothing, and mean nothing. And the FBI has easier ways to get our data anyways.

Point is, I’d rather take my odds as a heavily encrypted file syncs between singular devices like a drop of water in the ocean, versus putting all my diamonds in Joe’s Diamond Emporium and just hoping no one decides to steal MY diamonds when it (inevitably) gets robbed.


In this circumstance, you can turn on simple versioning for the password vault. It will keep both vault copies and you can merge your changes together manually in the event this happens, no loss of data.

For mobile I just give syncthing full permission to run in the background and have never had issues with the syncing on the folders I designate. Not saying it doesn’t happen, but I believe this can be solved.

However KeePassXC’s sync feature does sync the vault.

Syncthing does not have a server. The relay only serves to match your current client (device A) with the IP of your other client (device B). Nothing else passes through it unless you opt into using relaying in case you have NAT issues.

If you are paranoid, the software is open source and you can host your own relays privately, but again, it is similar to a matchmaking service, not data transfer.

Syncthing is a direct device to device transfer. No server in the middle unless you want it.

https://docs.syncthing.net/users/relaying.html


This still requires a server setup, focused entirely on passwords. Why do that?

Why not just use KeePass or KeePassXC, and use Syncthing for this and general files, or KeePassXC’s keeshare sync to sync the files without any hosting, server, or other services.

Extremely simplified tl;dr: both of these are like an authenticated private BitTorrent, where the “tracker” only helps you find yourself on other devices, no data is ever sent outside of your authenticated devices, and all transmissions are encrypted as well.


https://www.digitaltrends.com/computing/mozilla-firefox-chrome-review-comparison-2020/

This is from 4 years ago. Again, stock browser without a busted extension causing a memory leak, the browser runs solid.

https://cloudzy.com/blog/which-browsers-use-the-least-memory/#Firefox_vs_Chrome_RAM_Usage_Comparison

Run a real world test and you’ll see what I mean. Their RAM consumption is pretty much on par, and varies between update cycles but not wildly.

https://youtu.be/YQcslo9OqtE?si=FvI-Hk7vk46H5U67

From 3 months ago, with graphs. Firefox and Chrome have had near identical performance for years.


“Moving the goal posts” I fail to see how I’m changing the conditions. I’m explaining a clear and obvious issue in that image which is why it’s not a good comparison.

Okay, extensions require container processes, for each one. Each new extension adds to the RAM usage. For both Firefox and Chrome.

So already the comparison is flawed because Firefox now requires more base memory to load those extensions out the gate.

But now, Firefox is clearly showing Tampermonkey in the toolbar, a userscript extension. Let’s just say I run a script that fetches competing price info from temu.com when you browse a site like Amazon. Not uncommon.

Let’s say I set that to loop, so it’ll work on infinite scroll pages too.

Okay, now if you leave your browser alone for an hour and it’s refreshing these scripts, guess what happens to the memory?

Every test of current builds of FF vs Chrome has found extremely negligible performance differences when both are stock installs.


Try Floorp.

Also, maybe don’t compare clean chrome install to FF with a half dozen extensions installed. Extensions like Greasemonkey run literally any script you tell them to. An errant line of code and there goes your memory.

Try again, apples to apples dude.


Floorp is literally running with tons of optimizations and is shifting to the standard FF release instead of long term support build in their next major release. The optimizations though are like front and center, and it has TONS of privacy toggles and features.

That comparison is… Self serving let’s say.


Google is Alphabet.

This distinction is meaningless. It is like arguing that Facebook isn’t a company anymore and Meta is a totally new institution.

It’s Facebook. It’s Google.

It’s FAANG companies, not MAANA companies.


Shatter the company like glass.

They are insanely huge. They should be 10 different companies.


Yea, that’s what I was saying. But if you wanted a national level of this, having ISPs set up a “kid access” subnet that just runs on a separate Wi-Fi SSID would make this idea easier for the non-tech-savvy.


Make the children’s internet token-based for kids, use a YubiKey or something (no password to learn), and leave the regular internet as is. Make ISPs provide families with kids access to both, either via subnet or dedicated hardware.

From there just have policy to not give the unrestricted network access to kids. Aka parenting. Public institutions like libraries can have most open terminals on the “safenet” and limited public access to the unfiltered net.

For a “poor man’s version” of this concept, you could do a pi-hole sub-network for home use, but the internet elsewhere is still the internet.

That’s one possible idea anyways, and a damn sight better than porn credits.


Unironically: child-safe websites should be under a separate DNS provider from your ISP, provided via a separate ISP router or modem. Set up a separate national-level routing.

Seriously. Kids get curated internet only, adults get the firehose.

The idea of porn credits and voluntarily giving the government a list of everything you look at is utter insanity.


Somewhat. Web standards are voted upon, and I believe Mozilla is part of those organizations.

However Google could always choose to ignore web standards and do what they want. And due to their massive market dominance this would effectively enforce this overnight for over half of the internet.

The reason they may not, is the EU would take them to court over that. The US no longer believes in stopping companies from ruining shit though.