This is an update on my privacy setup since my last post. Yeah, I know WhatsApp belongs to Meta and is handing over all my data to the US, Israel, Iran, China, the Vatican, and Mars, but for personal reasons, I can’t ditch it right now. How can I improve my setup?

  • TheIPW@lemmy.ml
    21 hours ago

    Which phone and message app are you using? I also don’t see a way to view photos or files and which camera app?

    Obviously GrapheneOS is the best way to go for privacy, but if you do stick to OEM Android then make sure you’re using apps like the Fossify suite. I use their apps with all contacts and calendar synced via davx and self-hosted on Nextcloud.

    What about KeePass, where is that data backed up?

    • degooglerleon@lemmy.zip (OP)
      21 hours ago

      KeePass is a password manager that doesn’t store your data in the cloud (like Bitwarden), meaning it doesn’t need internet access to work (though that doesn’t matter much to me, since I use a Motorola and can’t restrict its network access like I would if I could afford a Pixel and install Graphene). In KeePass, your passwords are kept in a file that is YOUR responsibility; as long as you have the file, all your passwords are safe (but of course, you also need the master password to access the others, and if you want, you can add other security methods to make it harder to get into your vault).

      • doodoo_wizard@lemmy.ml
        2 hours ago

        Consider dumping KeePass for Bitwarden.

        If you’re using the password manager correctly, you will only use the password manager and have all different, impossible to remember and keep track of combinations of passwords and logins.

        So losing access to the password manager would be catastrophic.

        A tool like KeePass relies on the user to not lose access to the password manager’s data, but many events far outside of the user’s control can happen. Natural disasters, confiscation and even good ol’ user error can lose access for the most careful users and cause seriously problematic situations.

        A trustworthy cloud-based option can close that hole and make very difficult situations much easier.

        “My phone and computer were lost in a flood or fire. In order to receive aid or access assistance I need access to the credentials on them.”

        “My phone and computer were confiscated by the authorities. They are locked and encrypted, but now I don’t have access to my credentials.”

        “Oops, I made a mistake!”

        You almost certainly are better served by using a trustworthy service like Bitwarden that allows you to still do your shit in these situations.

          • degooglerleon@lemmy.zip (OP)
          2 hours ago

          I understand your concerns, but none of them really affect me. I live in a country located in the center of a tectonic plate, which makes it very difficult for natural disasters to occur; for example, high-magnitude earthquakes have never happened here, and tsunamis have never occurred within the territory either—at most on the country’s coast in 2004, but I don’t live on the coast or in a flood-prone area. The reason I’m protecting myself regarding privacy issues isn’t to hide from the government, but if it were, one of the things I’d worry about least would be keeping my passwords secure. What might happen is that I could lose the password file, but I already keep it on three different devices; if I lose two at the same time, I’d still have one with the file. In the end, both KeePass and Bitwarden have their issues; for instance, if Bitwarden’s servers were attacked, the passwords in the cloud would be at risk (although I know they have some extra protections in case that happens).

      • Scott@lem.free.as
        5 hours ago

        You can self-host Bitwarden via the excellent Vaultwarden server. Bitwarden can be used offline too since the vaults are also synced locally.

        • degooglerleon@lemmy.zip (OP)
          9 hours ago

          I know that, but lately I’ve been preferring to use KeePass (plus I have terrible memories involving self-hosting; I don’t know anything about it and I can’t self-host anything, whether it’s due to a lack of knowledge or a lack of resources).

        • degooglerleon@lemmy.zip (OP)
          10 hours ago

          I didn’t know that, but security-wise, wouldn’t it still be better to use Aegis? 2FA is meant to provide extra security in case your password is compromised; this means that if someone gets into your password manager, they still wouldn’t be able to access your accounts because of the 2FA. But if you put your 2FA inside the password manager, that just makes it easier to access your accounts, right? Anyway, I found that information interesting, I had no idea. Thanks!

      • PolarPirate@lemmy.zip
        21 hours ago

        Older Pixel phones run relatively cheap if you don’t mind having an older model. Mine was still locked by my ISP, but I used their insurance plan and they sent me an unlocked one lol