if we use 2FA Yubikey do you still need password managers if you only use places on the net the except Yubikeys ? i use Brave as my only browser , i still have gmail but want another one and im not worried about gov spying like some securty privacy utubers talk about im privancy and security from malicious actors hackers and beimg tracked by apps and google lol , i only phones no PC or laptop . So get Yubikeys and a seperate email account , proton mail with vpn looks good or mulvad as well seem to be the best overall but i dont want to use my debit or credit cards to purchase them. Now my bank wants me to use biometrics for sign in too i will see if they except Yubikey , id rather have that than password managers as im not tech savvy lol i feel like id mess it up and be locked out lol

- I don't use Chromium based browsers (specially one that is actively pushing web3 and AI). - I know "data removal services" are scams. - I don't use 1Password as my PW manager, I self-host Vaultwarden. Yeah, I think I'm good.

Why delete my comment? lol You asked what we do different.

@@AllThingsSecured you don't use secure apps...

Yea, right, for all this apps you will pay al most 40 or 100 USD / year.

Thank you so much, Rob

This is the way. No account should share an email with any other account. Aliases should also not be easily guessable. They don't need to be as complex as a password, but they should also not be easy enough that someone calling into a call center could guess the address and provide it to the call center agent. This has happened to me, which is why I now use aliases. Recently I had to make a financial transaction that required me calling in. The rep asked for my email address and I had to look it up because even I couldn't remember it. The beauty of aliases are multi-fold. 1) A little more security, 2) They can help identify which account resulted in you receiving spam. 3) They can be easily disabled or deleted for accounts that you no longer want to use and particularly for services that won't let you delete your account. 4) If an account is breached, you can easily delete the old alias and create a new one along with a new strong password. 5) No commingling of any accounts. Disabling/deleting an alias will have no impact on any other account and there's also no need to keep track of which accounts use which email because they are all unique.

I used aliases for everything as well. Can't recall the last time I gave my actual one for anything.

Hmm, I haven't heard that. If that's true, it's very unfortunate. Protecting your credit shouldn't have any affect on your rating. That's a shame.

I'm excited that it was useful!

Yes! I know there are quite a few banks that offer virtual cards now.

the reviews says the extension is broken

Glad you enjoyed it, Steve!

I signed up, looked into them some more, and quickly unsigned up.

Can you tell me which one do you use instead of hushed ?

Any app/service we can use instead of hushed for virtual mobile number?

Cloaked

Privacy and anonymity are 2 different things.

Glad it was helpful, Larry!

Glad it's been helpful to you in some way.

Even in my current cybersecurity course they dont even tell you to use ad blocking

Ha! I'll take the compliment...thanks :)

Thanks! 🙏

If you don't need it for work, then the 5 series is more than enough for the average person. In fact, even the Security Key series (most budget-friendly) might work as well.

@@AllThingsSecured Thanks, appreciate it!

Awesome. Glad to hear it.

Awesome!

I've honestly never heard the name before, so I have no opinion.

Yes it is.

My pleasure.

Duck Duck Go or Startpage.

Would you like to explain, why that could be?

@@whatthefu3786 Sure. If you visit the Hushed website you’ll notice that there isn’t any mention of end-to-end encryption for texting and phone calls using a Hushed number. And if you visit the MySudo website you’ll notice they mention that everything is end-to-end encrypted. They also provide you with a private email address and browser whereas Hushed doesn’t have any of that.

This is true, Brave is Chromium-based, but it is a fork of the Chromium open source project, not a reskin, so it's not susceptible to Google schenanigans.

Great question, Laura! Unfortunately it would be almost impossible to do a mass, automated change of all passwords. My recommendation would just be to start small - choose the 5-10 most important accounts and change the passwords for those. Then build from there. It's better to just get started small than never at all!

Thanks, Karen!

@@AllThingsSecured I had just watched your interview with Ellie Weiner on Bible Memory Goal (!!!) and YT served up this privacy/security video from your “other” channel. It’s a 2fer 😉

If you want your calendar and contacts to be private and secure, use a paper calendar and physical address book. If you want convenience and don't care about your privacy and security of your most sensitive information, then use software or an online tool.

Always a concern however Bitwarden and other ones recommended here store both the vault login and then all information contained within the vault under encryption, whilst lastpass only stored the vault password under encryption. If items inside the vault are encrypted it is okay as if they are all unique they would have do individually crack each one which would take millennia

Yes, that’s the one I’ve been using for the past couple years.

@@AllThingsSecuredThanks. I just signed up. I am linking accounts and it is using Plaid and says the company is Aura...did Aura change their name to Identity Guard?

@@TonyPadgett Aura acquired Identity Guard but have kept them separate.

Exactly. Aura is the parent company of Identity Guard, but I haven't really liked the Aura product as much as Identity Guard.

@@AllThingsSecured Good to hear. I tried Aura and wasn’t that happy with it.

Either is fine. I have an address with both.

Have you looked at Revolut? I think it works in Canada, but I'm not sure.

Great list of tools.

My recovery codes get securely stored in a couple different places that I'd rather not disclose. I've never had to use them, though, because I have a backup 2FA key.

Dashlane is good, but I prefer 1Password or Proton Pass.

Not sure where you looked but did an search an search and on the first page 4-5 kinks down found an list with 20+ companies. (duckduckgo)

I promise I'm trying to find one, but so far I don't know of any (yet).

The native one.

@@AllThingsSecured Google?

late reply. I would suggest that for such cases you set up a virtual machine. That way you don't need to buy a second computer and still ensure that nothing nefarious is going on.

Not as much as you’d think. Some are business expenses (virtual address) and some are free (virtual credit cards). Most others are less than $5/mo.

Way cheaper than the cost of dealing with identity fraud for years after a bank breach.

For the free virtual credit cards, do they apply for the demographics of Europe and India?

Unfortunately the virtual credit cards that I mentioned are US-only. Europe can use another one called Revolut, I think. I'm not sure about India.

Only a suggestion, as I've recently found this channel which seems very informative, and also covers the various aspects of SIM cards. It's called "Naomi Brockwell TV", and she's very good at explaining things. Good luck and stay safe.

Yes, you can. I do it all the time.

With Privacy, even if the merchants mess up, the card will immediately be declined.

You could easily get a SimpleLogin subscription separately that does that.

They both work just great.

Because it's one of the most secure messaging services available (if you have Advanced Data Protection turned on), it offers end-to-end encryption with client key verification. Although Apple stores your messages, if you have Advanced Data Protection enabled, you are in possession of your private key, which means you are the master of the stored data. There isn't anything that would make it not safe to use. Just because it's run by a big tech company doesn't mean you shouldn't use it and that it's unsafe and not privacy respecting. Do your research.

@@RemasterScope Well, aren't you a nice person... You assumed that I had not done my research, which was your first mistake. If you would have actually read their latest privacy policy, it is clear you are mistaken and don't understand. The privacy statements are written in legal language and nearly takes a lawyer to interrupt them, so don't feel bad about not understanding the nitty-gritty details. Security and privacy are two topics you should research and try to understand the differences. It is common knowledge that Apple can read every message and media sent over iMessage and clearly stated in their privacy and end-user license agreement policies. If the message is sent to a non-Apple user, then the exposure is even worse because of the plain-text nature of the PSTN. Based on your reply, I am sure you will come back with some piffy response, but there is no need. Just go read the policies referenced and that is all that needs to be said. If you cant help yourself and choose to reply anyway, please reference the Apple policy so we can all be on the same page.

⁠@@TimLaytonDarkroomDiaryI did not mean to sound rude. I genuinely wanna talk about this stuff. Reading through their privacy policy and guidelines I did not find something that would indicate that they can read all the messages. It’s stated that the iMessages are E2EE and also they are stored securely in iCloud (ADP). And of course the SMS is not secure by definition. Sadly right now even the RCS is not E2EE so there’s that. Now that I think about it, Apple did not implement any EU Chat Control into iMessage so I don’t know what would make you think that they are scanning the messages sent.

@@RemasterScope Thanks for that, and I appreciate you following up to clarify. Most people would not do that, so thank you. One thing I would mention that is also related to the use of iMessage and in general, iCloud, which should be very concerning to people, is the issue of deletion. Recently, with the iOS 17.0 update, you may recall that thousands of people reported photos and videos from many years ago suddenly reappeared on their phones again even though they had deleted the content locally. This created some serious embarrassment for people because they had given their phones to other family members, etc. It underscores the reality that Apple is clearly never deleting your photos or videos even though you think you have deleted them locally. This is all part of a larger legal issue involving client side scanning related to the Child Protect Act where all content on phones are scanned for illegal content and your content is stored in Apple's database forever and it is shared with law enforcement agencies to query at will. This is a serious privacy issue that everyone needs to fully understand. Back to the original iMessage E2EE topic, we know that Apple can and has handed over supposedly secure iMessages to the FBI when required to do so. IMO Apple talks a great game about security and privacy, but they are one of the worst offenders of privacy in particular for the above mentioned reasons and many more that could be discussed.

For anybody, not just US.

Not what the dark web is. Delete me doesn't magically delete your info from data breaches, it deletes your info from legally collected and sold sources and brokers. Almost all websites collect and sell your information when you visit them.

They find your data with various data brokers and then make legal requests to have the personal data removed. You can see more about my experience here: kzbin.info/www/bejne/hqHGi2mMfqqJjNU

I was and still am. In my mind the services are built for two different use cases. When I need a second number for 2FA codes, for example, I want a static number that I own. When I want to just give out a phone number that I can trash later, Cloaked is the way to go. In any case, I'm really just waiting for Cloaked to move their virtual card feature from beta to public before I really start pushing the service.

Only a suggestion, as I've recently found this channel which seems very informative, and also covers the various aspects of SIM cards. It's called "Naomi Brockwell TV", and she's very good at explaining things. Good luck and stay safe.

I've used MySudo before and it wasn't bad, but I wasn't crazy about it personally.

That is sadly not true. Do you mind explaining who "they" is and how they were able to access everything?

@@AllThingsSecured 6 trips to FBI. Nuff said

​@@amygradybsw🤡

Chromium is open source… so is Brave. If you have any concerns, view the code yourself. It’s obviously not as private as TOR, but it’s a great, user friendly, privacy focused browser

Yes and? Just because its foundation is built on top of chromium doesn't mean it's bad...Chromium is open source and company that developed Brave Browser used this open source foundation to build on top of. They removed some of the elements that made it "spyware" and made a good quality private and secure browser.

Thanks!

yes

If you landed on these domains, they are likely part of a tracking URL used to credit the affiliate for any sales or conversions that occur after someone clicks the link. The actual destination of these URLs can vary widely depending on the specific affiliate link being used. If I were a subscriber to this channel, I would unsubscribe immediately. I am not negative, just factual

I appreciate the concern, but there are ways to maintain the encryption outside the same system.

@@AllThingsSecured did the internet fix the hole in the security protocols?

google pgp before you speak, that tech was developed 30 years ago for this exact purpose.

​@@notusedexerdo you know how little that narrows things down?

@@YTDeletes90PercentOfMyComments when the internet was originally written all email was text based So therefore if you sent an email from one domain to another domain it could be read by anybody. My understanding is they were working on a way to fix that obviously flaw.

Mullvad browser or Tor browser would be better, imo.

“Private” is subjective but I’m curious what your specific objections are. Sure you could use TOR and turn off JavaScript but this is not practical for daily use. Privacy tools only work when you use them. Which browser do you prefer?

What do you mean by this comment?

@@RemasterScope that Brave is not the private browser that they advertise. Very very briefly , First the affiliate links and then the vpn installation without consent on which either case they did not took responsibility. They also use your data to serve ads, similar to others, egg MS does also does this with the same “the data are not linked to your account “. They retarget ads to their wallet crypto thing. Their search engine , at least a couple of months ago, it did not have any documentation on how it does the crawling, which means that you do not know how the results retrieved and from where. The where plays important role since it might be websites that are not allowing crawling.

no they did not

To whom? How? Any proof?

Interesting point. I think I didn’t add it because it’s not something I use every single day.

​@@AllThingsSecured I see. Naomi Brockwell advises to leave on permanently

Most companies know who you are VPN dont matter

@@AllThingsSecured WHich is the best vpn according to you

A VPN is a tool that you most likely don't need. You only need one if you suspect that your ISP is spying on and logging your internet traffic (by this, I mean the domains you visit, as other traffic is hidden by HTTPS). If you fall under this category, then I wouldn't recommend any other VPN than Mullvad. It’s the most privacy-respecting and secure VPN available. Do more research on your own what a VPN really does and why it may be useful or not.

You can get virtual cards internationally using Revolut. And as for Yubico, they have the Security Key series that is much more budget-friendly.

Evidence? It’s completely open source, so I suspect such a bold claim has clear proof