Kirsle.net logo Kirsle.net

Tagged as: Privacy

I Migrated from LastPass to KeePass
March 29, 2018 by Noah

Today I finally migrated away from using LastPass as my password manager and am instead going to use KeePass. My reasons were the following:

  1. I don't want a browser extension being responsible for my password manager, as the security surface area of a browser extension is unknown.
  2. The usability of LastPass's extension for Firefox has been declining. They removed the ability to "Copy Password" which makes logging in to some sites, like Amazon AWS, a royal pain in the ass.
  3. LastPass is closed source and is a black box and it does weird things, like not ask me for my password often enough, and I have no idea what it keeps available in memory for malicious apps to get into.
  4. I want to keep my things off the cloud where I can.

In this post I'll share my experience with migration, complaints about LastPass and how my current setup looks for syncing my passwords between my phone and computers.

Read more...

Tags: 0 comments | Permalink
Withdrawing from Social Media
March 24, 2018 by Noah

This has been a rough week for Facebook with all the Cambridge Analytica drama, and it's as good a time as ever for me to start withdrawing from Facebook and other social media.

Announcing that you're going to #DeleteFacebook, on Facebook, is cliche af so I'm not going to do it there. This week I've been wiping my Facebook profile clean (not that deleting posts actually deletes anything from their database) and all that remains, currently, is one profile picture, a cover picture, and a Keybase verification post that, of course, I don't mind being public. After I find out alternative messaging options for some of the friends I enjoyed chatting with on Messenger, I'll delete the account.

Facebook's drama isn't the only crazy thing I heard about this week, though: there's also the CLOUD Act, and it is far worse.

Read more...

Tags: 1 comment | Permalink
Do you need to store that IP address?
August 16, 2017 by Noah

I was reading this ACLU blog post about how DreamHost was served with a warrant to hand over IP addresses of some 1.3 million visitors to a website they host, and it got me thinking: do websites really need to store IP addresses of their visitors?

There are a lot of VPN companies such as Private Internet Access that advertise far and wide that they explicitly chose not to keep any logs. The idea is that if the VPN provider is served with a warrant for user activity, they would have no data to hand over, because they never stored anything in the first place. Why don't websites do that?

Read more...

Tags: 3 comments | Permalink