If anyone wants to check, here is a video showing a Firefox dev. console (F12 key) and errors occured on https://www.openstreetmap.org/search?query=Oslo#map=8/59.973/10.723
I would like to find the causing extension without the need of disabling extensions randomly or by disabling half of extensions, then if issue solved, disable half of that half etc..
Sometimes it hels to hover over the link near the error on dev. console (F12 key), Console tab, to see moz-extension://somestring and find first characters of the string at page about:debugging#/runtime/this-firefox Though this time, it does not show that IMO (per the linked video).
If I should click something particular in a FF dev. console (F12), please guide me. Thank you.
Ok, so spending received XMR within 15 blocks (block time seems to be 2 minutes, so half a hour) is too early and spending every 6 months incoming payments in one single tx to my secondary wallet i suppose is too long time.. hmm, that is all quite complicated, I can't asses/compare these times (30 minutes vs 1 month vs 6 months) significance of the impact on anonymity. But thank you.
I will need to consolidate/sweep hundreds of transactions maybe once per year and pay it to someone in one big transaction. This big transaction is mandatory, i can not pay them in small amounts. The plan on how to proceed is already mentioned below when you search for "C)" on this page. Please if it is wrong or if you have an improvement idea (anonymity-wise), comment on that below. Thank you
Thx, I have found that the small to medium Lemmy instances are NOT aware about the post, yet most of big instances are. So it fits what has been said: "New posts and comments should always propagate if at least one user is subscribed to the community." - big instances and old instances has higher likelyhood of someone being subscibed to it prior to me posting the post, so the instance could download that post. Related topic: What are the conditions for the Lemmy post to be distributed to other Lemmy instances?
what you meant.
You have not meantioned what you have not understood, so i can tell that my question was if i should be withdrawing my receiving Monero wallet often or if is ok to withdraw it rarely. (when it comes to privacy/anonymity, which way is better, how much better or even if you want to tell why)
3 password managers at same time 🧐 :
My older version of a Firefox browser remember most of my passwords (I am ok how it works), but some important passwords are also stored in KEEpass and not in Firefox. Then there is a ProtonPass which can import both Firefox CSV and KeePass XML.
Problem with import and synchronization of these managers is that the
-
Pass is not made to deduplicate the imported data (some imported logins may already be in vaults), which requires user to delete Pass logins prior importing a .csv file (importing because file contains more up to date logins).
-
import does not contain 2FA secrets nor aliases (aliases deleted in Pass can not be restored into Pass at the time of writing - June 2024).
Firefox and Proton Pass - PROS and CONS (as of June 2024):
Quality of suggested logins:
⛔️ Firefox (old ver.) suggests all passwords saved across whole website incl. its subdomains which is messy
✅ Pass: suggests only passwords for a present page (not subdomains) = good
⛔️ Pass: does not automaticaly complete/suggest login when typing into username field and the list of saved logins is not alphabetically sorted by the username.
Speed:
✅ Firefox: shows saved logins instantly
⛔️ Pass: 1 second delay of a Proton Pass drop down menu with login username suggestions comparing to Firefox which loads immediately and gives impression that it loads even before login page finished loading. Both password managers loads at same time on user mouse click into the login field. Delay of a ProtonPass happens only when the suggestion menu should appear automatically upon loading a login page.
Registration form suggestions:
✅ Firefox: suggests previously used usernames/emails when typing, which is fine
🆗 Pass: does suggest anything when i type, as already mentioned. When I click, it suggests main ProtonMail address and allows generating unique alias which is very important key feature
🆗 Pass: password generating box shows non-important confirmation of a successfully copied password, which hides after like 2 seconds, making impossible to read the next form field during that time, which is annoying.
Login form suggestions:
⛔️ Pass: does not offer any login suggestion on a Basic HTTP Auth (.htaccess password protection of a directory) forms (popup) of mine (site: ILF admin, C*A/my)
Other:
⛔️ Pass: in Firefox i think it sometimes gets logged out requring to spend time re-login which may require 2FA auth from other device or other password manager.
✅ Pass: editing, grouping of passwords seems a bit better than Firefox
✅ Pass: Integrated 2FA
✅ Pass: Pass monitor in paid plan, password strength/leak indication
PROS vs CONS. What to do?
ProtonPass is a bit slower than Firefox, yet it has its advantages - email alias generating, 2FA....
SimpleLogin browser extension can be used for Proton aliases and if you do not need 2FA, it may be easier to stay with just Firefox, which is enough safe manager since I am already making backups of a Firefox (incl. passwords - which are also synced E2EE to the Mozilla cloud https://support.mozilla.org/en-US/kb/sync#w_is-it-secure).
Other option is to use Pass only for aliases and 2FA and inside its General settings, disable passwords saving and filling, letting Firefox do this job.
Third manager (for example KeePassXC) can serve as a backup, it can also import exports of Pass and Firefox. I guess it would be good to backup any password manager (incl. Pass) data regularly on schedule.
What are your suggestions/feedback regarding this?
After removing all passwords under three dots/kebab menu in the top corner of the page "about:logins", i wanted to import passwords from a Proton Pass to see how it works. Yet there is no import menu entry. After researching, I have found a solution that I want to share:
go to "about:config" page, and search for "signon.management.page.fileImport.enabled". Set it to true by double clicking on "false". Reload "about:logins" page to see the import menu entry under three dots corner menu.
Firefox 115.12.0esr with Pass 1.17.4
On various pages including https://lemmy.ml/signup when I click 1st time into a email or password field, Pass shows a "suggestion" box, when I click one more time into that form field, the box now fails to hide even i click outside of it. Workaround is to click into different form field.
Anyone is experiencing the same? On which platform/pass version?
https://lemmy.ml sidebar shows "4.49K Communities; 129K Posts; 557K Comments" Maybe only admin can discover accurate number of indexed pages by adding their site into a Google/Bing webmaster tools and verifying the site ownership.
I think that when I am having link like https://lemmings.world/post/10530999 or knowing a title of the post, i can not discover in which community it has been posted... When I check same number of post on different instance: https://lemmy.ml/post/10530999 it does NOT work. Yet the search works: https://lemmy.ml/search?q=10530999 is there no other/easier way than opening one big instance after another (for example from the list https://lemmyverse.net/?order=posts&open=true ) and use search like that?
What are the steps to discover it knowing ONLY lets say "lemmings.world/post/10530999" and nothing else. If that is not possible, then knowing title "Dead Lemmy instance, how/where to find backup of the post that was on the offline instance?" and mentioned URL, while not knowing parent community name or the instance from which the post originated.
Not local data, question is meant from a regular visitor point of view (not necessarily an instance admin).
Reposted from: https://lemmings.world/post/10530999
> Please what are the easiest and fastest steps in order to find backup of a currently unavailable post thanks to no longer running Lemmy instance? > > Lets say it is this post we are reading, that become offline. I am not asking for the links to instances that hosts it, but for the way on how to discover all the instances myself.
> So far I have found only this way: > 1. open largest instances list: https://lemmyverse.net/?order=posts&open=true > 2. open one after another and under magnifier button, search for the same post ID (number) as your dead link has
OF opinion: good not to be adicted to it or to anything actually.
A quick look at the https://join-lemmy.org/docs/administration/federation_getting_started.html does not answer that question. Though at least ChatGPT has an opinion (which may be misleading) 😀
> the probability of it (the post) being distributed on multiple instances depends on factors such as the popularity of the post, the number of upvotes and comments it receives, and how widely it is shared across different instances. Posts that generate a lot of engagement and discussion are more likely to be distributed on multiple instances, as they are more likely to be shared and reposted by users. Additionally, posts that are deemed relevant or controversial may also be more likely to be spread across multiple instances.
I am unsure what it means by shared (i assume just posting a link is not enough).
If that is true that reposted (often called cross-posted) post makes a fully "featured" copy/backup on a different Lemmy instance, is there anything else that does it? Thank you
Please what are the easiest and fastest steps in order to find backup of a currently unavailable post thanks to no longer running Lemmy instance?
Lets say it is this post we are reading, that become offline. I am not asking for the links to instances that hosts it, but for the way on how to discover all the instances myself.
So far I have found only this way:
-
open largest instances list: https://lemmyverse.net/?order=posts&open=true
-
open one after another and under magnifier button, search for the same post ID (number) as your dead link has. One can also search for the post title (while making sure that the search scope is everywhere, not local).
Summary: I wanted to see if I can synchronize Firefox and ProtonPass passwords. It works more or less. One just need to pay attention to using only one or another for saving passwords and if later wanted to switch, just delete outdated app passwords database and import other app passwords. NOTE: If you choose to delete ProtonPass logins and import 3rd party logins, it will possibly NOT import your 2FA secret and aliases (you would have to move these to a separate vault before deleting everything else!
Here is exactly written on what i did and what I have faced in July 2024 (maybe later version of the Proton Pass will work better).
After backing up Firefox browser data/profile and exporting its passwords at "about:logins" page (three dots in the top corner), i have deleted all Firefox passwords (from same three dots menu). Then enabled Firefox passwords import (there were no import entry in that three dots menu) by going to "about:config" and searching for "signon.management.page.fileImport.enabled" double-clicking "false" to set it to "true". Reloaded "about:logins" page and then again using three dots menu imported the .csv export file made by the Proton Pass. Result:
New logins added: 1,808 Existing logins updated: 0 Duplicate logins found: 28 (not imported) Errors: 12 (not imported)
Under details, i could see which rows was problematic (only problem type was "Missing url") and after opening .csv file in a Calc editor i could see that the problematic rows were indeed "missing url" (or anything) in "url" row but the "name" field had the domain name. The problematic rows were almost exclusively Proton aliases (and these does not need any fixing and their later import into Proton Pass failed anyway - in the current version of the Pass that I have used), yet not knowing that at the moment, I have fixed all rows with missing url by copying name into url and prefixing with https:// using Linux command:
awk 'BEGIN{FS=OFS=","} $3=="" {$3="https://" $2} 1' "input.csv" > output_tmp && mv output_tmp "output.csv"
For Windows, this may work: for /f "tokens=1-7 delims=," %a in (input.csv) do @echo %a,%b,%c,%d,%e,%f,%g,%h,%i >> output_tmp && move /y output_tmp output.csv
Upon import of the fixed file, there was same number of errors and this time it was "Missing password".
I did insert a random passwords by modifying previous command like this: awk 'BEGIN{FS=OFS=","} $5=="" {$5="ng21@Ak" $9} 1' "input.csv" > tmp && mv tmp "output.csv"
.csv file can be opened inside LibreOffice Calc (or other table processor), where it is visible in easy to read format.
So after all, import from Proton Pass using .csv file was successful (despite a few harmless errors).
Opposite direction - synchronizing from Firefox to ProtonPass may be problematic. At least in my case was. Because Proton Pass did not delete any duplicates. So if Proton Pass is outdated and Firefox has all ProtonPass items(logins) + new items, it can be done as follows, yet please note that deleting Pass logins and importing 3rd party app logins (Firefox) will possibly not import 2FA settings, so if you are using 2FA, make sure you save private keys so you can setup it again later - keys are visible when editing login with 2FA): Export Proton Pass for backup purpose. Create new vault and move to it all email aliases (meaning aliases not regular logins). Delete vault with logins and create new one and fill it with Firefox .csv file.
I have found around 20 search engine pages worth lemmings.world pages, where one search engine page is 10 results, so in total like 200 indexed subpages of the lemmings.world ?
https://www.ecosia.org/search?q=site%3Alemmings.world&p=19
https://duckduckgo.com/?hps=1&q=site%3Alemmings.world&ia=web
Is it too low or too much considering amount of content posted here?
When there is only one vault in Proton Pass, it seems like the option to Delete vault is inactive/disabled and can not be clicked.
After creating second vault, it worked to delete first (main one). It is a bit weird, no explanation why i was unable to delete.
When I am continuously receiving small Monero payments, should I withdraw my Monero account balance (always to the same secondary XMR account of mine) more often or less often in order to ensure lower traceability of the funds?
I have read that withdrawing "account balance more often can lead to lower traceability of the funds". Is it significant? azalty@jlai.lu mentioned that "after 1 churn, there is a 1 in 16 chance (6.25%) that this transaction is yours. After 2 churns, it’s a 1 in 16x16 = 1/256 = 0.39% chance that the final output of the route is yours" But I think that what he wrote applies on a subsequent churns of "same funds" (mywalet1->mywallet2->mywallet3 = 2 churns). But when i withdraw just once per year my received balance or twice per year, does it mayke any difference (how big) in terms of anonymity/traceability?
The more outputs you have/use, to more traceable you get
Thanks for your input. ChatGPT says "using more outputs in your transactions can potentially lead to unintentional traceability if those outputs are later used in a larger transaction. This is why it is important to carefully plan and manage how you use outputs in your transactions to maximize privacy." So it confirms what you have said.
So I guess that I should avoid manually adding multiple outputs in aim to decrease chance of a tracking, I am saying that since i am usually getting small transactions and spending in big ones (which would "consolidate" small outputs and more less invalidate my anonymization effort). So I guess i will do just churning with single output to my secondary wallet and in case i want to "join" funds from "home" and "work" accounts, I can do:
C)
3rd party -> work -> work2nd
KYC'ed 3rd party -> home -> home2nd -> home3rd -> work2nd
and then spend big transaction from work2nd (or maybe i can skip the step "home3rd -> work2nd" and source the big transaction from various accounts, yet someone claimed last year "It seems that at the present moment, neither the Monero GUI/RPC/CLI wallets implement the ability to transfer from multiple addresses." and I can confirm I am unable to find it in Monero GUI [btw. it is very slow to sync (even tens of minutes if not ran for 2 weeks+), i am NOT running node and i am using Tor proxy inside it]. Feedback to what I have written is much appreciated.
Hello,
if I am using several Monero receiving accounts (like “cash”, “work”, “trading”, “mining”, “donations”) and for each of the account i have secondary account into which i repeatedly sweep my receiving account's balance in order to churn/mix my XMR (e.g. cash -> cash2nd).
What if:
A) I "combine" the XMR again in the second "level" of my XMR accounts (account called common3rd):
cash -> cash2nd -> common3rd work -> work2nd -> common3rd trading -> trading2nd -> common3rd -> 3rd party (big payment which would combine most/all outputs)
B) I split each churning/mixing transaction into several a small outputs:
cash -> output 1 - cash2nd -> output 2 - work2nd -> output 3 - trading2nd and then spend from all these 2nd accounts in one big transaction
Is better (anonymity-wise) A or B and why or you suggest better direction?
přeposláno z: https://lemmings.world/post/10376607
> Having account on https://lemmings.world, like 10 hours ago I have been trying to post a reply in a community that is hosted on a different instance (monero.town), the progress wheel was constantly turning on the Repply button and the browser developer console (F12) shown Error 502 Bad gateway ("invalid response from the upstream server" - https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/502). "Bad gateway" error is shown by the Lemmy on login form at lemmings.world. > > That turning wheel also appears on a new post/topic submission button (creating topic on external lemmy.ml community being on lemmings.world ). > > After trying to search in my home instance, https://lemmings.world/search?q=502+error&type=All&listingType=All&page=1&sort=TopAll It output nothing and the console again shown Error 502:
> ... > > GET https://lemmings.world/api/v3/resolve_object?q=502 error [HTTP/1.1 502 Bad Gateway 0ms] > > XHRGET https://lemmings.world/api/v3/user/report_count? [HTTP/1.1 502 Bad Gateway 0ms] > ... >
přeposláno z: https://lemmings.world/post/10376607
> Having account on https://lemmings.world, like 10 hours ago I have been trying to post a reply in a community that is hosted on a different instance (monero.town), the progress wheel was constantly turning on the Repply button and the browser developer console (F12) shown Error 502 Bad gateway ("invalid response from the upstream server" - https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/502). "Bad gateway" error is also shown by the Lemmy on login form at lemmings.world. > > That turning wheel also appears on a new post/topic submission button (creating topic on external lemmy.ml community being on lemmings.world ). > > After trying to search in my home instance, https://lemmings.world/search?q=502+error&type=All&listingType=All&page=1&sort=TopAll It output nothing and the console again shown Error 502:
> ... > > GET https://lemmings.world/api/v3/resolve_object?q=502 error [HTTP/1.1 502 Bad Gateway 0ms] > > XHRGET https://lemmings.world/api/v3/user/report_count? [HTTP/1.1 502 Bad Gateway 0ms] > ... >
don’t use a churn output with an unchurned output
You mean that the churning by sending from my wallet to this same wallet(i can also say account or sub account of the wallet) (sending to self) just part of its ballance, will result in churned and non churned outputs in that wallet and these will be joined together if i later (after a week) send a big transaction (or wallet sweep) causing my previous churning be pointless? Maybe in this case is better for simplicity to always churn (part or full balance - i do not know if there is any benefit in sending in parts or in full) to second account within my wallet (instead of sending to self/same address) to prevent this. And i will be sending XMR to a third parties only from that secondary account?
Maybe ask them to establish private (end to end encrypted - E2EE) communication channel by using PGP or ask them to use the service like proton.me which has E2EE mail. If they know some answer to your question, you can send them link to an password protected paste at https://bin.disroot.org
SimpleX Chat - a private and encrypted messenger without any user IDs (not even random ones)! Make a private connection via link / QR code to send messages and make calls.
Hello, is the network connection to the SimpleX network made same way as in Session messenger (single point of failure in the form of several seed/bootstrap nodes "hardocded" in the client software, the nodes which hostnames/IPs can be blocked on ISP/government firewalls) ?
If you know any detail on how it works, please link. Thank you
přeposláno z: https://lemmings.world/post/10202534
> Do i get it right on the attached image? IMO it shows US bond yield inverted curve and the subsequent economic recessions (which follows this market indicator) on all time chart. > sources: > > https://fred.stlouisfed.org/series/T10Y2Y > > https://fred.stlouisfed.org/series/NASDAQCOM > > https://www.investopedia.com/terms/y/yieldcurve.asp > > According to https://www.currentmarketvaluation.com/ the market is overvalued to strongly overvalued, so i am wondering if this crisis, that started in 2021/2022 is a longer crisis, which not yet ended and the overvalued stock price will fall down again? But more importantly, if I have misunderstood something wrong, please explain why.
Thanks, I see that the cross-posting works like this: "In order to cross post, I need to first create the post in one community, then after I create the post, I can click the two nested squares icon under the title of the post (with the pop-up text “cross post”) that shows up on mouse-over." https://lemmy.world/post/354611
Some topic communities have very low member and post count and exist across various servers under various names. Can i add single post to lets say 4 on-topic communities or is it considered a bad idea. I am aware that I may be searching across different servers and communities so the duplicity is not ideal, but in terms of exposure in small communities, I would really like to do said duplicity.
I assume that you mean to receive XMR on own wallet 1, wait for example one week, send to own wallet 2, wait a few days and then spend it (for example in an e-shop)?
According to @jet@hackertalks.com jet@hackertalks.com suggestions, i assume that to improve this, i can split the first transaction between my wallets into two payments (hours or a day delay between each) and each sent to different wallet of mine, then making sure i do not send these two outputs later into same wallet of mine, which would compromise my anonymization attempt? Is this split into 2 payments doubling the difficulty to trace the payment?
The method described in this whole post of mine can be considered very unlikely to be traced by any government in the next decade? Thank you
Thanks, I would like to be able to understand how big improvement would be to send the same or similar amount to secondary wallet of mine when comparing to direct sending mentioned by you. I think that i want above average protection, but i am unable to estimate impact (on TX traceability) of 1,2 more transactions of similar amount between my wallets and i am not enough technical to read and understand tens of technical pages of the Monero whitepaper.
I read that in order to break the trace from the sender of my Monero to the recipient of my Monero, I need to make several transactions between my wallets, for example:
someone sent me 1 XMR --> my wallet 1 --> my wallet 2 --> recipient of my 1 XMR
(that i consider 1 additional transaction in aim to break the trace)
Can anyone explain so even layman understands chance/probability of breaking the trace when doing 0,1,2 such transactions between own wallets?
I have been told that it is not safe to enable 2FA and use Pass as an authenticator. For Proton account 2FA I am using not only Pass but also KeePassXC as a backup solution (for the case when Pass logout and requires 2FA code in order to login - and in such a case you can not get the 2FA code out of Pass - chicken-egg problem). Yet when using Pass desktop app, maybe logout issue is minimized (it remember my password across reboot and paid Pass is said to work offline).
what makes you say that?
I have read it at https://www.securemessagingapps.com
lack of forward secrecy
Oxen people argument: "under typical circumstances, the only way long term keys can be compromised is through full physical device access — in which case an attacker could simply pull the already-decrypted messages from the local database. As is often said in the infosec community, physical access is total access" source: https://getsession.org/blog/session-protocol-explained
They are also saying "We will be looking at making it easier to rotate accounts as a whole" source: https://github.com/oxen-io/session-desktop/issues/2338
compromises the recipient’s long-term private key years later
Thank you. I have read that the Session is not yet using quantum-resistant cryptographic algorithm. It is using X25519 which is an elliptic curve algorithm widely used for key agreement in TLS today. As a layman, I do not expect this to be a problem for a regular user (who is no target of the US three letter agencies) in the near future.
According to https://www.securemessagingapps.com/ Session uses: X25519 / XSalsa20 256 / Poly1305
While Simplex uses: Curve25519 / XSalsa20 256 / Poly1305
and Simplex does not provide transparency report and logs timestamps/IP addresses, when comparing to Session.
I guess You mean to create new mod rights request discussion topic inside the community, where i want mod rights (seems like an unsolicited way that pings and spends time of all members)
Regarding contacting instance admins in case community has no active mods, i assume i go to parent instance (in this case https://lemmy.ml/ ) and scroll down to see the list of "admins:" in the sidebar. I click one, it says "You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user." I am unsure how to follow ext. user via my home instance yet i have found this kind of URL: https://lemmings.world/u/username@external.instance (assuming my instance lemmings.world) and on it is a New message button that seems to be working. So it does not seems to be easy to contact custom external instance user who's post i can not see on my instance. UPDATE: I can do it by using search icon and pasting: @username@external.instance (for the community, i use !community@external.instance) - this method is not apparent to a newbie
When I open certain small external community that i am subscribbed to https://lemmings.world/c/session@lemmy.ml , i see that moderator list is empty, yet when i visit same community via its parent domain https://lemmy.ml/c/session , i can see one moderator name. Clicking it, cause only page header and footer with no content https://lemmy.ml/u/Seb3thehacker , reloading page (F5) cause error couldnt_find_person. I am not logged in/nor registered on that external instance (lemmy.ml).
So this is confusing, how to become a moderator of an external community? Docs says that i do not need to register on it: "Community moderation can be done over federation, you don't need to be registered on the same instance where the community is hosted". Yet it does not explain steps to do. As I have mentioned, i am unable to contact current moderator. I guess one of my options may be to wait and see if current mod find me worthy and adds me as a mod. But i would like to know other options.
There was a security audit https://getsession.org/session-code-audit that result in this: "The overall security level of this application is good and makes it usable for privacy-concerned people."
no, when i use ! like this: https://lemmings.world/c/!qbittorrent@lemmy.ml then it returns error "couldnt_find_community"