Estudante de Engenharia Informática apaixonado pela área; algures em Portugal.

Administrador da instância lemmy.pt.


Computer Science student, passionate about the field; somewhere in Portugal.

lemmy.pt instance administrator.


https://tmpod.dev

  • 7 Posts
  • 54 Comments
Joined 3 years ago
cake
Cake day: September 10th, 2021

help-circle



  • That’s why I love virtual card systems like MB NET. You just generate a random virtual card for every purchase (or a recurring one for each subscription vendor, for example) and move on. Your bank still knows what you’re doing, of course, but vendors can’t correlate anything. Preventing your bank from knowing where you’re spending your money is much harder, for very practical reasons: fraud detection. The only real way is to use a secure crypto coin like Monero, but very few places accept it and you still have to deal with volatility.




  • tmpod@lemmy.pttoSelfhosted@lemmy.worldConfused about Podman
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    This is a good suggestion. Docker is more mature and has more resources, so it’s better to learn the ins and outs of containers. After getting comfortable with it, you can move to Podman and have a much better time tackling its peculiarities regarding permissions and rootless.

    I used Docker for years and only recently decided to give Podman a try, porting my Lemmy instance to it.



  • tmpod@lemmy.ptMtoPrivacy@lemmy.mlThe Best Encrypted Messengers in 2024
    link
    fedilink
    arrow-up
    14
    arrow-down
    1
    ·
    3 months ago

    encrypted email

    Besides being a form of messaging (so the text somewhat contradicts itself), typical email is a deeply insecure protocol.
    In my opinion, it’s probably impossible to secure without making a new protocol or making such drastic changes that it might as well be considered one.

    Here are some key concerns regarding the usual PGP-powered encrypted email:

    • Email, at a simple level, works much akin to physical email — there’s an “envelope” containing important info regarding the communicating parties, which can’t be encrypted, otherwise the mailing servers wouldn’t know where to forward the messages. This essentially leaks a lot of metadata that can be almost as valuable as the message body itself.
    • There’s no forward secrecy — one of the best cryptography features that has become pretty much a commodity in modern systems is forward secrecy, which prevents attackers from decrypting older messages after gaining access to one of the keys.
    • While not an issue with the protocol itself, it’s the sad reality and we need to consider — most people use GMail, Outlook and the like, which ultimately need to read your emails in plaintext, for better or worse reasons (search is incredibly useful, but some big players don’t stop there of course :p).
    • Another thing is the fact that it’s incredibly easy to have an imbalance of encryption, i.e. someone is encrypting their messages, but others aren’t. With the very popular email culture of quoting (be it top or bottom posting), an unencrypted party in the the conversation can leak important information.
    • PGP is… peculiar, so to speak. I has a lot of issues, mostly stemming from its age (which could also be a source of robustness and security, due to being very battle-tested, but I don’t think that’s quite the case with PGP/GPG), tries to do too much and typically has a clunky UI, which impedes wider and proper adoption by less technically people.

    This isn’t to say people should definitely stop using and promoting encrypted email, since it can be useful.
    It’s just it gives, more often than not, a false sense of security and can lead less proficient users to send sensitive data through this medium which isn’t nearly secure enough for such use cases. Preferably, people with such threat models should opt for better alternatives, most suggested in that article (such as, but definitely not limited to, Signal, SimpleX, Matrix+Olm, XMPP+OTR/OMEMO, sharing files via MagicWormhole, encrypting with tools like age).

    On a slightly tangential note, I think someone should make a Matrix client with an email client interface. I started working on a new traditional chat client (completely nonfunctional still, very much in-dev), but I’ve been honestly thinking more and more about making one looking like an e-mail client, where there isn’t much focus on instant room-based chats, but rather on longer-lived 1-to-1 and list-like exchange of messages.







  • tmpod@lemmy.ptMtoPrivacy@lemmy.mlPrivacy.com in Europe?
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    4 months ago

    I’m not familiar with any service that works at the international level, but over in Portugal, the biggest ATM network, Multibanco, has had a service called MB NET (now integrated with the newer MB WAY app), which allows you to create temporary cards with 3 different behaviours: one-time, monthly, multiple uses. The first one always has 1 month of validity, while the others only expire after a year, and you can define a maximum capacity.

    It works perfectly well in foreign online services, but you have to have a card from one of the associated banks (presumably from their Portuguese branch?).





  • BitWarden is really good. Has (nearly*) everything I want, works well across all platforms and the free plan is very featurefull. Even though I don’t really use any of the premium features, I still pay for the plan, to help fund development, it’s only 10€ a year.

    • I say nearly because I’d love to have some form of autocomplete in Linux Wayland, outside of the browser extension. I believe one of KeePass apps does this (but only for X?)