YSK: Keeping your accounts/online identity safe in the age of the fediverse/federated networks

Jenner8, 11 months ago

deleted_by_moderator

axzxc1236, 11 months ago

Or get yourself your own domain name, and use a email service provider that can forward all emails of the domain name to one account.

_MoveSwiftly, 11 months ago

Hello there, and welcome to our community! I hope you like it in here.

Could you please include some body text as to why should people know this, and how would that help them? It’s our second rule. Thank you :)

gvasco, 11 months ago

I find that all that is well explained in the intro paragraph.

big_duck_energy, 11 months ago

Weird question - if you change your email address, is the change you made, and the old and new email address now federated out to all the other instances, meaning in a hypothetical leak, both email addresses get leaked? Or would only the newest one be saved and federated, and therefore leaked?

person, 11 months ago

federated users and local users are stored in the database in different tables. The federated users table doesn’t have emails saved in it.

humanreader, 11 months ago

Speaking of which, stuff that frequently comes up in privacy related forums:

Differentiate between your professional accounts (it has your real name attached) and your non-professional ones (you use it to discuss pooping methods for example). Don’t mix them up. I know many will say “so what if people in the fediverse know where I live and how I poop, I got nothing to hide” a lot, but that’s how people got doxxed or swatted.

Even if you don’t feel the need to, it’s good to sit down and identify the potential threats given certain problems. Do you recycle passwords for email and social media accounts? What about banking? If a malicious coworker or an immature family member got access to your social media profile and posted reputation-damaging content, how bad can things get? Identify the outcomes you can mitigate or must prevent, and plan accordingly.

There is no “100%” when it comes to privacy. It’s a process, not an “all-or-nothing” switch. Beginners often ask if “program X and Y will protect me 100%”, and the answer usually boils down to “there isn’t a single magic pill”.

Privacy ≠ Security ≠ Anonymity. A VPN subscription can secure your connection (content secret in transit), but does not make you anonymous (sender known to middle node). You could leave an anonymous message (sender unknown) on a public forum, but the message itself isn’t private (content not secret). And so on.

Encryption is a useful tool, but don’t fall for the “military grade encryption” speech. They often mean “we just slapped whatever shit it came up with”, nothing extraordinary.

There are many more but I will stop for now. No, I am not in Guantanamo.

gvasco, 11 months ago

Great points all around!

redcalcium, 11 months ago (edited 11 months ago)

Also, do not post personal information here ever. Once you posted a comment, there are no guarantee you can fully delete them later. If you post a personal information, there is a chance that it might still up in some instance somewhere even if you attempt to delete it. Some instance might not receive the activitypub push about the deletion due to federation issue/lags, getting blocked from the original instance, bugs or random internet connection issues. Use other channel if you need to share personal info to fellow lemmings so you can be sure to purge them if needed later (e.g a link to pastebin, discord, etc)

PlutoniumAcid, 11 months ago

You said, do post. I am sure you meant, don’t post.

redcalcium, 11 months ago

Lmao you’re right. edited

ShadowPouncer, 11 months ago

If there are not already people running fediverse nodes that exist specifically to harvest potentially 'interesting' data, there will be.

You edited it? That's maybe interesting. You deleted it? Same deal, maybe interesting.

It looks like an email address? Definitely might be interesting. A phone number? Yep.

An address? Definitely could be interesting.

If you posted it, assume that it will always be available to the exact people that you don't want to see it.

NumbersCanBeFun, 11 months ago

I also suggest varying your password techniques and having two master passwords. I use them interchangeably across all my accounts. I also suggest varying your password techniques by switching it from random to pass phrases from time to time. This will make standard attacks difficult to achieve as they will need to retool their setup once they realize they are working with a different type of password to crack. Think dictionary attack vs brute force. Sometimes one works better than the other and the more entropy it has to work through the harder it is to crack the password.

ShadowPouncer, 11 months ago

Don't do this.

Just use a good, random, password generator with decent settings.

Varying away from that just to 'change the kind of password' is only going to reduce your security.

You want as many random bits of information as possible in the password. That's it.

NumbersCanBeFun, 11 months ago

I don't agree and if someone knows your ONLY randomly generating passwords you open yourself up to an attack. I think having different password systems is the most ideal and since I am using a password manager it doesn't affect my ability to implement this process. The two master passwords are spread across a couple of different password managers I use, so one doesn't unlock the others and vise versa.

in fact, all I am seeing here is "it's only going to reduce your security" with a really weak follow up statement on "random bits of information."

Pass phrases can have large amounts of entropy attached and I don't understand why using two different password systems is less secure, in fact I can only see an argument to being more secure since you are varying your implementation of protection.

ShadowPouncer, 11 months ago

That's like saying that only using high security locks with various security pins in them to protect your house is a bad idea, and you should throw in some secured with padlocks too just to change things up.

And if some of them are shitty masterlocks, well, you're changing things up.

That's really not how security works.

Yes, pass phrases can have large amounts of entropy attached. But unless you are picking your pass phrases truly randomly, with a large dictionary, and using unique pass phrases per site, and the sites are not silently truncating the password input (such as bcrypt which truncates to 72 bytes), you are not actually getting that large amount of entropy.

Where as a 16 character password that randomly uses the ASCII printable range, excluding spaces, gives you 93^16 possible combinations. That's 31313180170800116587336013460801 passwords.

Or, very roughly, 104.6 bits of entropy. (104.6265409777285022441578006899739 bits of entropy if you want to be downright absurd about it.)

Knowing that you're doing that simply doesn't help the attacker in any meaningful way.

Bumping that to 20 characters gives you over 130 bits of entropy, or 2342388736625917052139104541473924426001 possible combinations.

This is quite simply not a viable attack surface.

Where as saying 'use pass phrases for some things' means that it is quite likely that some of your pass phrases are going to be much less secure than this.

But let's give the same numbers for properly generated random passphrases.

The xkcdpass utility can help us here.

Even picking entirely randomly, out of a large word list of 7227 words, a 6 word pass phrase only gives roughly 76 bits of entropy.

Going up to 8 words gives us roughly 102 bits of entropy, that helps a ton... Except that some of those passphrases are going to be longer than 72 bytes. So you're almost certainly losing bits of entropy.

That best case still gives you fewer bits of entropy than a 20 character randomly generated password. Unless you're trying to memorize your password, there are no benefits to alternating between randomly generated passwords with good generation settings and passphrases.

And if you're trying to memorize your passwords, you are definitely doing it wrong.

Cevilia, 11 months ago (edited 11 months ago)

The throwaway email providers I personally use are:

• If I want to receive ongoing messages and have the ability to reset passwords etc: DuckDuckGo
• If I don’t care what happens after the first email: Yopmail

i_need_a_vacation, 11 months ago

DDG is great, I've been using it for a while now, but I recently learned that I can also send mails from my main account as a @duck.com address and now I'm in love.

Kraiden, 11 months ago

Good advice for outside the fediverse too

gvasco, 11 months ago

For sure! Just with how the fediverse is composed this I found that this kind of advice now more than ever is incredibly important!

didnt_readit, 11 months ago

I totally agree with using strong unique password manager generated passwords for every server (as everyone should do for every service they use regardless) but my email has been leaked so many times by so many breaches I’m not sure I really care about that part at this point…

9284562, 11 months ago

In case you are concerned about giving up a personal email for signup, you can use temporary email generators for signing up for Lemmy as well. There are plenty available.

ShadowPouncer, 11 months ago

I use + addresses for stuff.

Well, since I run my own mail server, I tend to use _ instead of + as the separator, simply because more places will consider it a valid address.

But it's amazing how useful it is to include the name of whoever you're giving the email address to in the email address. It lets you keep getting email for stuff like password recovery. And when an address is leaked, not only can you block that one, but you also get to know who leaked it.

Which is awesome for knowing which businesses to never use again.

Nemo, 11 months ago

Adding on (because I almost did this very, very stupid thing until I stopped and thought for a moment):

If you create accounts on multiple instances with the same username, don’t use the same password. Otherwise anyone with access to one has access to all.

GunnarRunnar, 11 months ago

Passwords aren't encrypted? Or you mean if an instance's password leaks, they all leak? Because that applies to everything. Use unique passwords with every account, everywhere.

dev, 11 months ago

I don’t have enough desire to check, but I’d assume they are encrypted AND salted so it’s not as easy as the top comment makes out.

If an instance was hacked, the hackers would get a hash and a salt. They’d still have to figure out what plaintext password + salt = hash.

use unique passwords with every account, everywhere.

This is the way.

ShadowPouncer, 11 months ago

The advice to always use a unique password per site is an excellent one.

The why is multifaceted, and some of them are moderately complex.

First off, not every site is going to be storing your password in a good a secure manner.

In an ideal world, every site on the planet would be hashing it with something like bcrypt with a fairly aggressive cost setting, and good salts.

And they would have a way to automatically rehash your password on login in the event that the password hashing settings change. (Almost everyone misses this one.)

In practice... It could be stored in plain text. It could be hashed with classic crypt(), or with md5 or sha1 with no salt. There are so many ways to get it wrong.

On the rehashing one, they could have picked something that was best practices at the time, you setup your account, and then two years later, best practices have changed, it turns out that there was a way to attack the previous way, so they change how they do it... And that's great for everyone who changes their password or sets up a new account after that change, but everyone who did it before that change? Well, those passwords are just sitting there hashed by the old method indefinitely.

Or someone could compromise the site, and grab every password everyone enters.

Or you could fall prey to a phishing attack, and type your login to what looks exactly like the site in question, but is infact a common typo of the real domain.

Again, there are a lot of ways for the password used on a site to get compromised. Many of those ways are entirely out of your control. It is standard practice for attackers to attempt to use that password and username / email on other services when this happens, just so that they can see what else they can get into.

Don't let that work.

gvasco, 11 months ago

For real! In any case people should always be using unique passwords for any account on any service, but yeah this is definitely understated.

Drunemeton, 11 months ago

Caution: The following requires that you have “Keychain” and “iCloud Mail” activated for your Apple ID, and are running iOS 15+, iPadOS 15+, and macOS Monterey+ on the applicable devices.

For macOS / iOS / iPadOS users you can use “Hide My Email” (aka “Sign in with Apple”) to have a randomly generated e-mail address used for sign-ups. Then you can have Keychain generate a random, strong, passcode for you to use on that particular website.

Note: If you see just an “e-mail” field on the sign-up page, and when you click in it you see a drop-down menu of your current Apple e-mail addresses, just scroll to the bottom of that list to get to “Hide My E-mail”.

After you’ve completed a sign-up on a website (not just federated, but any website) Apple will e-mail you the new e-mail address you generated and for which website is was used on. Store that in a safe place to easily keep track of what’s being used where. (You can also find them here: System > Apple ID > Hide My E-mail > Options…)

All of the above, the randomly generated e-mail addresses and passcodes for the websites, are automatically synced through iCloud to all of your devices signed into the account used to create them.

Note: The “Sign in with Apple” button is a bit weird. When you’ve used it on a website, then later go back and are asked to sign-in to your account, you’ll see the same “Sign in with Apple” button you saw originally. There’s no visual indicator on the page that you’ve used this feature before. It’s not until you select the button that the next screen will show you the e-mail address that was generated.

discodoubloon, 11 months ago

Ha ok this is fun. I do like this idea for most people. You should sign up with as little information as you need. You still must watch what you say.

I do also think you should have a federated business server before you start posting with your real name/loc

Deez, 11 months ago

It’s not very open-sourcey, but Apple include a email forwarding service called Hide My Email in their iCloud+ plans. So, you may already have access to that service.

Kissaki, 11 months ago

I like and use anonaddy.com. Unlimited free aliases.

Deez, 11 months ago

Nice, I didn’t know of them, thanks for sharing!

buco, 11 months ago

You could also use an instance that doesn’t require email for signups. Like fmhy or lemmynsfw.

GunnarRunnar, 11 months ago

Or you could use a temporary email service, though I'm not sure what the services do with the temporary addresses after they expire. If someone knows, please enlighten me.