#opsec
ICYMI: T-Mobile #app glitch let users see other people's account info
Just T-Mobile things - but not a breach! (Wow!)
Customers could see other peoples' account information.
Exposed information included:
- Customer name
- Phone numbers
- Addresses
- Account balances
- Partial credit card details
@securingdev it may be easier because they have segmented their networks properly, school from private yes opsec so they can leak without having to cross the streams...
#opsec 😂
(or more likely because their phone is now a fully integrated extra appendage probably use it to open beer bottles too)
Currently trying to build a Threat Intelligence compilation from diferent resources for Activists and Journalist (RSS feeds).
Right Now:
- Counter-Surveillance Resource Center (https://www.csrc.link/rss.xml)
- Freedom of the Press Foundation (https://freedom.press/news/feed/)
- Lucy Parson Labs (https://lucyparsonslabs.com/feed.xml)
- Privacy International (https://privacyinternational.org/rss.xml)
- The Citizen Lab (https://citizenlab.ca/feed/)
I am trying to compile specially around: legislation, surveillance, police tactics against opositors
Does anyone have other suggestions add?
Check out @GrapheneOS, DivestOS, @LineageOS, @iode, @e_mydata comparison chart by Sandbag6736 from Techlore forum. Personal preferences play a big role. 🔍📱 #AndroidROMs #privacy #opsec #cybersecurityawareness
Feel free to comment if there’s any inaccuracies.
@noelreports silence 🤫 is golden #opsec
[#OPSEC|#VPN] [Mullvad] have successfully completed our migration to RAM-only VPN infrastructure - Blog | Mullvad VPN https://mullvad.net/en/blog/2023/9/20/we-have-successfully-completed-our-migration-to-ram-only-vpn-infrastructure/
@c0dec0dec0de @Computer
"Please enter your full name to complete registration" on another xyz social network.
#opsec #fail #dark #pattern #darkpattern
If you ever want to feel depressed about humanity, just do a search for things like #newbadge on your social media platform of choice. I found this one on #Facebook. This guy works for a bank.
Don't be this guy. He could be impersonated, or this picture could be used as a template to forge a fake ID complete with a valid barcode to gain access to bank facilities or infrastructure.
I censored the bar code and ID#, they were visible in the original.
"Canada Post breaking law by gathering info from envelopes and parcels, privacy watchdog says"
And also breaking my Canadian heart. 🍁💔
Inside #ShadowDragon, The Tool That Lets ICE Monitor Pregnancy Tracking Sites and Fortnite Players
What a piece by @404mediaco
ShadowDragon: Feeding the mass surveillance machine by tracking people who play Fortnite (and probably, I guess, other popular online games), scraping images from BabyCenter (a site for expectant parents), and social media sites for the Black community, the bodybuilding community, and others.
ShadowDragon also has the capability to monitor/scrape information from hundreds of social media sites/games/websites. Who plays a game and expects to end up in an ICE database?
This is insane.
You are being watched.
#privacy #privacymatters #opsec
https://www.404media.co/inside-shadowdragon-ice-babycenter-pregnancy-fortnite-black-planet/
#Telegram strikes again with documents from Dutch authorities saying that they can request hidden phone numbers and IP addresses at any time. Again, Telegram still claims on their homepage that they never gave up any data when that's not true at all, also for past requests like the one from the German police a while back.
https://cyberwarzone.com/dutch-police-can-access-hidden-telegram-numbers/
Looking for a reliable TOTP Authenticator app? I've been using @ente auth for a while now.
🔓 #OpenSource - Check out their code at https://github.com/ente-io/auth
🔐 End-to-End Encrypted Backups
📱 Multi-Device Support
🌐 Offline Mode
💻 Cross-Platform
Go to https://auth.ente.io to access your codes on your desktop. Make the switch to ente auth and take back control! 🛡️
#CyberSecurity #enteauth #TOTP #MultiFactorAuthentication #TechTips #cybersecurityawareness #privacy #opsec
APT36 state hackers infect #Android devices using #YouTube app clones
The fake YouTube apps want some interesting permissions...
... because they're remote access trojans (RATs), of course.
Be extra cautious of apps from third-party sites. Also, as an aside, remember that everything found in any kind of App store is not 100% safe!
Here I would talk about an interesting thing about our security measures, but I won’t because of #opsec.
And you would reply with ‘huh’ to the thing.
Feeling like moving to a cabin in the woods with no internet...
Revealed: Israeli Cyber Firms Have Developed an 'Insane' New Spyware Tool. No Defense Exists
"A Haaretz investigation reveals that Israeli cyber companies developed technology that exploits the advertising system at the heart of the online economy to monitor civilians, hack into their phones and computers, and spy on them. This terrifying capability, against which no defense currently exists, has already been sold to a nondemocratic country"
Siiiiigh, leave the linux community alone please.
I have some experience in tech. I'm happy to answer any #OpSec questions from #SexWorkers unsure about how to remain anonymous (or pseudonymous) online.
Stay safe out there!
❤️☂️
*edit: please boost
It is fucking *hard* to have good #OpSec as a #SexWorker.
For example: most digital photos contain metadata that could potentially be used to tie your nsfw endeavors to your normie-world identity, sometimes with dire consequences.
Many platforms (e.g. mastodon) will normalize uploaded photos, stripping all such metadata in the process. However, others (e.g. manyvids) do *not* normalize media, instead offering to customers the exact files you upload, metadata fully intact.
⚠️ Alert: Voice deepfakes are revolutionizing banking scams! Cutting-edge AI lets fraudsters impersonate voices to fool even the experts.
💡Tip: ALWAYS double-check before major transactions & stay in the loop on #cybersecurity trends. #VoiceDeepfakes
#cybersecurityawareness #privacy #opsec
https://www.nytimes.com/2023/08/30/business/voice-deepfakes-bank-scams.html
Remember #opsec people! 🤫
Love how he leans into the image of him we adore so much 😅 #budanov 💪🇺🇦
https://x.com/toddy_xgp/status/1699669125298106686?s=46
#longwar #LongWayToGo but Ukraine will win, sorry Elon & Co.
Got a question to all you #infosec folks.
I just setup an encrypted USB drive with VeraCrypt (exFAT file system) and i was wondering if there are other cross-platform volume/drive encryption solutions.
For personal use on Linux I’m fine with just using LUKS, but i need something to work on Linux and Windows (that’s why exFAT filesystem choice) to store stuff like private keys and backups. An alternative would be nice since VeraCrypt is not entirely FOSS
Any recommendations?
Just a quick reminder that you should assume all of your electronic communications are being collected. You cannot assume #privacy if you are carrying electronics or near a phone or other networked device such an automobile, security camera. I also wouldn’t bet too much on #encryption. Security is not a yes/no thing. It depends on how careful you are and the resources of those who want to spy on you. #infosec #opsec #spyware
Free article: https://www.washingtonpost.com/technology/2023/09/13/pegasus-infection-meduza-founder/
Revealed: The Country that Secretly Wiretapped the World for the FBI
Lithuania.
#privacy #cybersecurity #opsec
https://www.404media.co/revealed-the-country-that-secretly-wiretapped-the-world-for-the-fbi/
'Evil Telegram' #Android apps on Google Play infected 60K with #spyware
The trojanized Telegram apps to steal user data, collecting information such as user ID, phone numbers, and contacts.
Same thing has happened with #Signal and other messaging apps.
Be cautious of what applications you are installing on your device - whether it is from an official app store or when sideloading. While many forks of well-known #opensource apps exist, there are also malicious ones.
Try to correlate any information on the app + developer descriptiona nd any other known resources. Be aware of the permissions the "fork" asks for. There are some really convincing fakes out there.
Concerned about #PegasusSpyware? It can access your data and calls without your knowledge. 🚨 To protect yourself, always keep your devices updated, be cautious of suspicious links & consider using #e2ee apps. Stay vigilant, stay safe. 🔒 #CyberSecurityAwareness #opsec #privacy #spyware
IVPN TunnelCrack #vulnerability assessment
@ivpn completes review/assessment of its apps for vulnerabilities unveiled by TunnelCrack research paper.
IVPN did not receive vulnerability disclosure, but good on them for sharing this!
#privacy #vpn #tunnelcrack #security #opsec
https://www.ivpn.net/blog/ivpn-tunnelcrack-vulnerability-assessment/
Are there trustworthy browser plugins to counter fingerprinting (by randomizing reported screen size, time zone, languages, fonts, …)
I'm still laughing 👀
"just change your password, it's okay" - FBI #opsec
[#PRIVACY] Extreme Privacy: VPNs & Firewalls
"Today, we published our fourth digital guide in the Extreme Privacy series. This time, it is all about VPNs and firewalls. 9 chapters | 34,000 words | 87 pages | $10. This digital (PDF) supplement to Extreme Privacy continues a new approach to our tutorials. It is not a replacement for the printed book, but a much more thorough guide about VPNs and firewalls."
https://inteltechniques.com/blog/2023/09/08/extreme-privacy-vpns-firewalls/
Any of you masto wizards that know of good account to follow to learn more about #cybersecurity, #infosec, #opsec etc? I'd follow the tags, but I've often found that following big tags drowns my entire feed in one topic
Lockdown mode works fine, but without JIT, the browser is slower. You can also just disable iMessage. I did. This blocks all NSO group #exploits we have seen to date, and nobody uses it anyway, as they never released an android version.
@arstechnica Tagging with #InfoSec #OpSec #Security #CloudOps #DevOps #APT #Vulnerability #storm0558
Detecting & Removing #Stalkerware
From @Lockdownyourlife
Stalkerware comes in many different packages (was that a pun?)
@skykiss Listed as a 'Private Owner' so nothing to see here! 😜 #DemocraciesVsAutocracies 🇹🇼 #OPSEC
Free online audio jammer. Interesting stuff.
https://mynoise.net/NoiseMachines/audioJammerNoiseGenerator.php
Okta: #Hackers target #IT help desks to gain Super Admin, disable #MFA
Threat actors apparently targeting IT service desk staff at US-based customers. The goal is to get MFA reset for high-privileged users.
Social engineering help desk staff has been a thing for a while, but IMO it seems to be a not-talked-about-enough subject. A lot of info help desk are told to use for authentication for resets over the phone can be found in leaked information (like a #databreach)
Taka rada #OpSec ode mnie kochani.
Tak, jak wrzucanie fotę to ona jest zestripowana z EXIF.
*Ale* wasz admin dostaje fotę z EXIF, więc jak nie wyczyściliście przed Uploadem to admin wie, gdzie mieszkacie, geolokacje.
Ten admin może się zmienić.
Ten admin może być kraftowy i mieć dziurawy serwer, gdzie zdalnie inni sobie podejrzą.
Ten admin może zostać odwiedzony przez ABW kolegi zazdrosnego kochanka.
Stripujecie foty *przed* wgraniem na cudzy serwer jak chcecie minimalizować ww. sprawy.
If you’re interested in OPSEC you’ll find this talk extremely informative. Lots of important information on how to operate safely.
This is the proper way to secure physical access to your network router.
#OpSec #Network #NetworkSecurity #LordOfTheRings #Tolkein #JRRTolkein
@campuscodi @cloudguy good #opsec is harder to maintain than most folks imagine
@sqrt2 the only winning move is not to use #Microsoft Products like #Windows!
#AllGAFAMsAreBad #AllGAFAMsAreEvil #PRISM #ITsec #InfoSec #OpSec #ComSec
#Hackers Are Selling Hacked Police Emails to Try to Grab Personal Data From TikTok, Facebook
Still want those backdoors in encryption now?
Your #VPN provider won't go to jail for you for 5 dollars
@ivpn explains how competent service providers can avoid sharing sensitive information about users...
Hint: It involves not collecting/storing that information in the first place. Unfortunately, most VPN providers are not worthy of trust.
(IVPN is pretty great and highly recommended in the privacy community, though.)
https://www.ivpn.net/blog/your-vpn-provider-wont-go-to-jail-for-you/
#hacking #protip: You want to see if your #tor / #vpn / #proxychains setup is working? You want to geolocate your exit IP without solving captchas?
Briefly disable your adblocker. At the top right of your screen it should say: “Hot women from [YOUR EXIT NODE] want to meet you!”
@threatresearch #BlackHat as a #conference has been a #SntichFest for decades.
The sheer fact that they choose to host their event in a location that would literally murder me for existing [and I'm just a white heterocisbinary dude] disqualifies said conference from being anything but a #shitshow that'll make it trivial for the islamofacist regime to earmark anyone with any #ITsec, #InfoSec, #OpSec and #ComSec skills for #surveillance with #Govware like #Pegasus as well as #harrassment...
Something happened and i want to ask the #mastodon #community about it:
1 hour ago, i wanted to get a chocolate bar and a lemonade, so i went to the fancy grocery store…
As i was standing in the aisle picking a chocolate bar, a man down the way faced me and took several phone pictures of me. #safety #security #women #infosec #opsec #scary
Why did he?
Please answer below or in comments.
@enigmatico At least #Microsoft works hard to increase #AttackVectors for #Azure / #Office365 / #OfficeOnline...
But hey, whoever uses that shit has basically given up on #ITsec, #InfoSec, #OpSec & #ComSec anyway and naively believes that jst because "everydoy else does it too" it won't bite them in the ass once @noybeu is done with the #GAFAMs...
Was lernen wir daraus?
1. Sei kein ekelhaftes Arschloch (also #JulianReichelt)!
2. Wer #Anonymität um jeden Preis will, sollte #InfoSec, #OpSec, #ComSec & #ITsec praktizieren.
3. #Medien können nur dann die eigenen #Quellen (zwangsweise) offenlegen wenn diese identifizierende Informationen hat.
4. #Quellenschutz muss trotzdem gestärkt werden!
How to encrypt and #password protect your Excel files
From @protonmail
The Importance of Using Messaging Apps With End-to-End #Encryption, Which Ones to Use and Why
From @Em0nM4stodon
Comparing Threema, Signal, WhatsApp, and iMessage so users can make informed choices for themselves.
Response to "TunnelCrack" #vulnerability disclosure
From Mullvad @mullvadnet
"TLDR: On Windows, Linux, macOS and Android we are not vulnerable to the LocalNet attack. We never leak traffic to public IPs outside the VPN tunnel. However, on iOS we are affected by this attack vector."
TunnelCrack - tricks the #VPN client into using an attacker controlled IP address in place of the actual VPN server IP + also leaking traffic outside the VPN tunnel.
#cybersecurity #infosec #security #opsec
https://mullvad.net/en/blog/2023/8/9/response-to-tunnelcrack-vulnerability-disclosure/
@sec_yote_agenda yeah, that's very sad and I sincerely hope this doesn't happen to anyone - whether they just wasted time waiting or even took money and ran...
Granted I'm more used in #IT and espechally #ITsec, #InfoSec, #OpSec and #ComSec where a minor fuckup will ruin decades of reputation-building in seconds and it's more or less impossible to recover from that...
So it's quite the opposite...
So #Escrow seems more than reasonable to enshure people ain't paying and/or working for nothing.
Guide to Mojeek @Mojeek Operators
Using search operators in the independent and private search alternative, Mojeek.
#privacy #privacymatters #opsec
https://blog.mojeek.com/2023/08/mojeek-operators-a-guide.html
📣 New episode
We spoke with our #fediverse correspondent about the #Kolektiva breach and what anarchists might learn from it, Mastodon #OPSEC, and the growing disillusionment with corporate social media platforms.
#Microsoft Visual Studio Code flaw lets extensions steal #passwords
Secrets can be extracted. PoC available. Microsoft won’t be patching because “extensions aren’t expected to be sandboxed in VS.”
Innocent pregnant woman jailed amid faulty facial recognition trend
Headline says it all.
Not a lawyer but something tells me "My software recognizes your face" shouldn't be the basis for an arrest...
#Zoom revises service terms so it could train AI on user data
Zoom already had #privacy issues, but this is crazy. Zoom wants the right to use potentially confidential/proprietary information to train its #AI model. No opt-out.
#privacymatters #opsec #security #machinelearning
https://cybernews.com/privacy/zoom-revises-ai-service-terms/
OooOk Fediverse,
what's the best way to follow #defcon from afar if you don't have a Twitter account. Who to follow on Fediverse. Is there great blogs? Perhaps livestreams on YouTube or twitch?
Please boost 🥳
#askfedi #askfedivers #askmsatodon #infosec #opsec #itsec #redteam #blueteam
#Mastodon + the #fediverse, which messenger do you primarily use?
Edit: added multiple choice since a lot of us have different messengers for different things. :D
Brave Search removes last remnant of #Bing from search results page
After shedding fallback mixing dependency on Bing/#Google for image/media search, @brave is now claiming to be a 100% independent alternative to “Big Tech search.”
So, now when searching using Brave Search, users should receive results only from Brave’s index.
@Mojeek has competition?!
How Malicious #Android Apps Slip Into Disguise
Bug in most Android versions that allows malware to corrupt components of an app, evading detection from scanning tools and being seen as legitimate by the operating system.
(Seems like it’s similar to DLL injection into malicious #windows processes to me.)
Apparently this is commonly used for banking trojans, but other #malware could also exploit this bug to evade detection.
#cybersecurity #infosec #security #opsec
https://krebsonsecurity.com/2023/08/how-malicious-android-apps-slip-into-disguise/
We had a speaker come to school this week to talk about Cyber Safety.
It was essentially #OpSec for teenagers, and it was awesome.
It also contained the phrase "stop sending dick pics, nobody wants to see that" - and lead to the next point: most sextortion cases these days involve teenage boys, cause they're more than happy to send a picture of their penis to strangers on the internet, which makes sextortion so much easier for malicious parties.
After talking to #security expert, I deleted all #Chrome extensions: they see everything
User beware. Extensions often have privileged access to your browser, able to see (and potentially phone home) your browsing history or even modify pages visisted. It doesn't help that the Chrome Web Store is rife with #malware and suspicious extensions.
Good advice is to keep installed extensions to a minimum. The only extension I always advocate for is uBlock Origin. :D
#cybersecurity #privacy #opsec
https://cybernews.com/security/chrome-extensions-see-everything-cybersecurity-expert/
In light of the California probe into connected cars and user #privacy, there’s a tool by “Privacy4Cars” which gives “privacy facts” of your make/models. Requires you to know/have the VIN number.
Odds are your new(er) car is something like a #smartphone on wheels.
Canon warns of Wi-Fi #security risks when discarding inkjet printers
Many many models and submodels of Canon printers retain Wi-Fi settings, which contains data such as:
- IP address assigned
- SSID name (Wi-Fi name)
- Wi-Fi #password
- Network type
- Network profile
This information could allow a threat actor access to a user's Wi-Fi network.
Canon recommends wiping the Wi-Fi settings of the printer prior to letting a third-party access it - such as for repairs, when selling, trading in, warranty RMA, etc.
everything about this talk is fascinating
Hi infosec.exchange, (and hi again #mastodon + the rest of the #fediverse )
I have successfully infiltrated your server and will load subsequent toots here for the foreseeable future.
(( DETECTED: #introduction ))
I am the same Avoid The Hack from #birdsite and run the website https://avoidthehack.com
Most of this feed is related to #cybersecurity and #privacy - generally for the individuals, families, and the super small organizations out there. I often focus on the intersection between the two.
Sometimes I post advice. Sometimes I share tools. Sometimes I share articles I have written. Sometimes I share articles featuring Avoid the Hack. Sometimes there is humor and memes.
Stay safe out there.
@Joseph I've to disagree with @deviantollam on that part solely because #Cyberfacism at the U.S. border necessitates said #ITsec, #InfoSec, #OpSec and #ComSec...
Like even if I wanted to enter the #USA [which I don't considering the fact that more and more states try to criminalize the very existance of several of my mutuals and don't get any repercussions for doing so!] I'd certainly not bring any device with me with any data on it!
#Firefox 115 Patches High-Severity Use-After-Free #Vulnerabilities
Usa-after-free in WebRTC.
Update to remedy.
#cybersecurity #infosec #security #opsec
https://www.securityweek.com/firefox-115-patches-high-severity-use-after-free-vulnerabilities/
* Are you sharing a shitposting group with said group of friends? You may only share minecraft memes there, but the mere fact that you have it together links you together.
* Did you all take time off from work the day after planning your op? That information could be put together with information about your meeting to give a strong signal who your planning committee is.
* Did your spouse say on social media about going on vacation?
* Did you share something w/ "72 hours remaining"?
It seems timely to talk about what #OpSec is rather than just what it isn't.
OPSEC is about preventing leaks of _metadata_ or _auxiliary data_ in order to prevent revealing your underlying secret. OPSEC is about preventing an adversary from determining your actions from things that are not information about the operation itself.
OPSEC is a process, not a plugin.
For example, if you are worried about plans around an action leaking out, OPSEC asks about elements such as:
SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool
Benign (and "good") tools can be used to carry out phishing campaigns, such as this #smishing campaign targeting Canadian users who've placed legitimate orders with legitimate retailers.
Avoidthehack updates mobile browser recommendations.
Tried to simplify recommendations for #ios and #android, removing some previously recommended #browsers.
iOS: https://avoidthehack.com/best-privacy-browsers-ios
Android: https://avoidthehack.com/best-privacy-browsers-android
@SwiftOnSecurity I thought you were using iOS? #opsec ;)
Getting Started: Basic Personal Cybersecurity for Everyone (3 Easy Tips)
Happy to (finally) something out for people really looking for where to start.
None of these actionable steps for upping your #cybersecurity posture include threat modeling; threat modeling is to be done after taking steps outlined here.
Use #MFA, strong and unique #passwords, and keep your devices/software updated.
Share with your friends!
Who has written the guide for ensuring your online presence is not used to feed AI?
Qui a écrit le guide pour assurer que ta présence en ligne n'est pas utilisée pour alimenter les IA?
If you get a sales call about your information security stack, you really don't have to answer their questions about what you are using today.
I bet if I cold-called 100 companies I would have solid information about to attack 75% of them by just pretending to sell them a fake product and asking them what they are using currently and why.
Strategies for Countering Police Access to #DNA Data (Chapter 10)
"#OPSEC is military and intelligence jargon for "operational security" and refers to techniques designed to prevent their people being caught during or after an "operation".
The fact that we have to talk about such things at all when it comes to issues like exercising the fundamental right to freedom of assembly or small acts of civil disobedience is a clear indication of how far the state's mania for security and collection has already developed. It is generally better to invest resources on pushing back the security apparatus than in a technical arms race with state agencies!"
Download: PDF (read, A4 booklet, letter booklet) • TEXT
https://www.csrc.link/download/der-polizeiliche-zugriff-auf-dna-daten-strategien-der-gegenwehr/strategies-for-countering-police-access-to-dna-data-booklet-letter.pdf
View Online
https://www.csrc.link/read/strategies-for-countering-police-access-to-dna-data.html
#Data #Police #Activism #directAction #Surveillance #antireport
Pretty good security advice for activists on the latest Renegade Cut video. Some of it may feel “paranoid” to the average person but it does make sense to take these steps as an activist who runs a high risk of clashing with law enforcement.
Some of it isn’t realistically possible in some countries, e.g. you can’t get a SIM card from a store without formal identification. A lot of these precautions are also pretty expensive, although some have DIY alternatives.
I’d add one thing he doesn’t mention: don’t carry your burner phone and your everyday phone together while both are active. It’s easy to correlate the two devices when they share enough of a movement profile. Turn your burner phone off (fully disconnected like described in the video) far enough away from your home and workplace so it’s not correlated to where you live.
PSA: upgrade your LUKS key derivation function
https://mjg59.dreamwidth.org/66429.html
#Linux #OpenSource #LUKS #OpSec #InfoSec #Security #Encryption
The #Teixeira affair is most unsettling to me in how spectacularly weak the #OpSec was of a dude who was supposed to be a trained military expert. Right behind that is how long it went on with #FBI and #DoD apparently not noticing and/or not taking it seriously enough to nail him before @Bellingcat, @washingtonpost , and #NYT hung him out in public.
#InfoSec
I'm taking my smartphone from the US to the UK. I'm planning on leaving most apps logged in, but removing Nextcloud as that has access to my password safe and other things.
What other #OpSec precautions should a reasonably cautious hacker take?
I don't really have anything to hide, but it would be a huge pain to reset everything just because some TSA minion tried cloning my phone.
«#Tor Project’s New Privacy-Focused #Browser Lets You Layer a #VPN» #TorBrowser #Privacy #OPSEC https://www.wired.com/story/mullvad-browser-vpn-tor-project/
@mcc @esther @edaross yeah, that's a general issue in terms of #ITsec, #InfoSec, #ComSec and #OpSec.
That's why one should not manage sensitive stuff on publicly accessible servers.
In fact, every employer I worked for put their repos internally on their own servers and restricted access to only devs within corporate network/VPN to reduce the issue.
How to stop email trackers from invading your #privacy
@protonmail gives tips for improving your privacy while using email.
Just switched to @protonmail & using it in combination with @simplelogin. While I was at it I also bought a subscription for @mullvadnet & created a mastodon account. I think I made some good decisions this month <3
Also using @bitwarden in combination with a Yubikey.
Any recommendations on #opsec #privacy without sacrificing convenience are welcome :)