Keyoxide: aspe:keyoxide.org:KI5WYVI3WGWSIGMOKOOOGF4JAE (think PGP key but modern and easier to use)
The offline version is on izzyondroid.
The design is worse, yes.
I don’t think it matters much because most of the time you only see the autofill thing, not the app.
When you do go to the app, it is to select between multiple credentials, which is still a split second action.
On mobile I have my 2fa in a different more convenient app (aegis), though k2a does allow to copy 2fa codes
It doesn’t.
Both DX and K2A-O open a local keepass file.
They are capable of reloading the file when it is changed, and can be set to immediately write out changes to the file.
Then you take whichever file sync tool you like and sync it with all other devices using it. As long as the sync tool can sync files in your internal storage, it will work.
I use syncthing, with a dedicated keepass folder containing only the database file. Then I simply add all my devices to the share and it’ll sync any changes to all other devices. I also have version history enabled for the share.
Keepass2Android Offline also works very well. It has a somewhat different feature set compared to DX.
I found it to be more stable at remaining permanentl unlocked, and DX dropped the 3rd domain level for password matching on either websites or apps, I don’t remember.
On the other hand DX works better for adding new credentials or making changes. Since I usually do that on desktop it doesn’t matter much for me.
They were doing the same on other repos for months.
Both their npm module and android client.
On android they tried to get people to add their own fdroid repo because the official fdroid has not had updates for 3 months due to the license changes.
Edit: Looking at it now compared to 4 days ago, they apparently got frdoid to remove bitwarden entirely from the repo. To me this looks like they are sweeping it under the rug, hiding the change pretending it has always been on their own repo they control.
Next time they try this the mobile app won’t run into issues, the exact issues that this time raised awareness and caused the outcry on the desktop app, which similarly is present in repos with license requirements.
If they were giving up on their plan, wouldn’t they “fix” the android license issue and resume updating fdroid, instead of burning all bridges and dropping it from the repo entirely, still pushing their own ustom repo? Where is the npm license revert?
Also important to note is that they are creating the same license problems in other places.
They broke f-droid builds 3 months ago and try to navigate users to their own repo now. Their own repo ofc not applying foss requirements, because the android app is no longer foss as of 3 months ago. Now the f-droid version is slowly going out of date, which creates a nice security risk for no reason other than their greed.
Apparently they also closed-sourced their “convenient” npm Bitwarden module 2 months ago, using some hard to follow reference to a license file. Previously it was marked GPL3.
It means previous versions remain open, but ownership trumps any license restrictions.
They don’t license the code to themselves, they just have it. And if they want to close source it they can.
GPLv3 and copyleft only work to protect against non-owners doing that. CLA means a project is not strongly open source, the company doing that CLA can rugpull at any time.
The fact a project even has a CLA should be extremely suspect, because this is exactly what you would use that for. To ensure you can harvest contributions and none of those contributers will stand in your way when you later burn the bridges and enshittify.
If you rename a file only changing the casing it doesn’t update properly, you need to rename it to something else and back.
This is so userfriendly I have been stumped by it multiple times.
On the other hand in using Linux I have had a number of problems with the casing of files: The number is 0
i2p doesn’t really have exit nodes, it’s mostly for i2p internal connections.
The only exit I know is stormycloud.i2p, and that one is somehow immensely limited ro the point of it being hard to load clear-net text pages.
Careful, Google is currently forcing apps to migrate from SafetyNet to PlayProtect!
SafetyNet is used by tons of security theater apps like banking 2FA. It is an API of play services.
PlayProtect is basically the same but you have to talk to it though google play. This is a blatant move by google to make exactly what OP is suggesting impossible, and means that if you do this, you may soon see many apps break that you are forced to use.
Yes, those could be detected.
Ill see how large that portion is on my system in a bit, but I would expect it to come out as the minority.
Non-detectible ones I can think of rn:
Many more of the ones you listed won’t be detectable on most websites.
userscript managers (grease/tamper/violentmonkey etc.)
A userscript manager is by definition detectible only on pages you define or install a userscript for. Even then, modern userscript managers like tampermonkey are running scripts in a separate scope that is completely sandboxed from the actual websites js context, you can’t even pass an object or function to the website and access it there, it will fail.
Youtube has actively fought some userscripts and failed, which they probably wouldn’t have if those userscripts were detectible.
User theme managers should be similar, but I can’t comment on them as I don’t use any.
page translators
Translators are only detectible when enabled.
addons serving in-browser ads
Why would you have an addon that serves ads?
site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)
Are site-specific, i.e. not detectible anywhere else
privacy blockers (CanvasBlocker/JShelter/etc.)
Please don’t use those anymore, use only uBo. Same for uMatrix.
uBo is pretty good about not being detected, for obvious reasons.
I found this is the only thing I found on a quick search.
It would indicate that chrome does disclose addons (so maybe don’t use it for yet another reason).
For Firefox you can only look for changes typically performed by an addon, something like adblock should be detectible but networking layer stuff like an I2P tunnel should definitely not be.
Most firefox addons dont even have the permissions needed to change anything a website could observe.
I don’t see any extension info and I don’t see how there could be any. There isn’t any api for gaining this info in ff at the very least.
There are other issues, but most extensions can in fact not be detected by websites, unless they specifically add something that makes them detectable.
TPM isn’t all that reliable. You will have people upgrading their pc, or windows update updating their bios, or any number of other reasons reset their tpm keys, and currently nothing will happen. In effect people would see Signal completely break and loose all their data, often seemingly for no reason.
Talking to windows or through it to the TPM also seems sketchy.
In the current state of Windows, the sensible choice is to leave hardware-based encryption to the OS in the form of disk encryption, unfortunate as it is. The great number of people who loose data or have to recover their backup disk encryption key from their Microsoft account tells how easily that system is disturbed (And that Microsoft has the decryption keys for your encrypted date).
The default on android is to give every wifi network its own random but static mac.
Firefox+PlasmaWayland+SystemD+portage+GNU+Linux
Out of interest, after alsa it was pulse and now it’s turning to pipewire?
What was the standard before ESD?