My God if I have to listen to my mother in law brag about how good of a “deal” her $10 (made up “retail”, $26) Tommy Bahama hand towels from TJ Max were one more time…

Are you perhaps an LLM in disguise?

On that page, you can choose “version history” to get their list of changes, unfortunately for this one all they put was “bug fixes”…

Good news though, this is an open source project, so easy enough to just go to the source…

Github issue: https://github.com/bitwarden/clients/issues/8873

And here’s all of the commits that have gone into it since 2024.5.1: https://github.com/bitwarden/clients/compare/web-v2024.5.1…desktop-v2024.6.2

For a company who has a whole schtick going where they read and critique other companies’ privacy policies, this is pretty ludicrous.

Worst thing? Someone with access to your password can now break into the associated account, and use that access to snoop or potentially permanently lock you out. E2EE data could be lost forever if they change the password and 2FA.

More likely? Unless you reuse passwords, or the associated site has been recently compromised, pretty low odds of compromise. If you suspect your 2FA has leaked, just get a new secret, easy peasy. Most reputable sites should alert you to a login on a new device, potentially giving you time to react or alerting you of snooping.

If your secret leaks without context on what site it’s associated with, then unless your name is Taylor Swift, odds of someone associating it to a site, let alone the matching password, are astronomical.

for reasons I don’t completely understand, Resilio Sync connections seem to be quicker and more reliable

Resilio runs a “relay” server to facilitate connections where neither peer has properly set up port forwarding. Only downside of Resilio is its not open source, so you just kinda have to take their privacy policy at face value. As long as op isn’t sending something super sensitive though, it probably is no big deal.

Lemmy and snarky references back to Reddit like that ex-girlfriend you’ve “totally moved on from”

You running the Trump campaign in your spare time?

Definitely no, viruses need 48-72 hours of incubation before the .mkv host becomes contagious. If the file is <24 hours old, I’d look for another source.

If you’re worried your computer might be infected, you should consider swapping your case LEDs with UV lights to purify your system.

… that they’ve disclosed so far…

I mean look you could just not use Visa right? We all have tons of other options, and they’re totally not a monopoly right? That’s why we’re not regulating them, right?

If you can’t enter a kill code and have your phone self destruct into a million pieces, can your life even be considered private?

Depends on what you are using them for.

E.g., if you maintain a Proton email account because you don’t want your emails mined for businesses to advertise at you, then you give very little info away by your bank finding out about the purchase.

If you use it because you’re engaging in activity that could be considered illegal, then your bank knowing about the purchase is probably the least of your problems if someone starts digging. Mysudo has to respond to a court order just like your bank and has access to all of the same PII

Yeah, except everyone has had it beaten into them - nobody fucks with gas prices.

Every news outlet in the country runs the same news segment practically daily - “Let’s complain about gas prices”. We’ve somehow made it the subject of basically nonstop discussion.

Funds raised will be used to offset further increases in subsidies to the domestic oil industry

If you don’t subscribe it’s pretty unlikely that you’re going to have legal grounds to sue over anything to begin with

For “safety” (of Google’s ad revenue)

capture the generated codes and time of input in some way, then brute force hashes until they generate one that produces the correct codes at x time

Given a TOTP key is usually at least 18 characters for a 6-digit code, having only one data point sticks you with something on the order of 10^28 possible keys for a given singular code (way more if case sensitive). You’d need to be regularly intercepting TOTP codes to brute force your way to the right key, and even then it’d only be valid for a single site. At that point it probably means you’ve fully compromised the connecting device or server, at which point, why do you even need the TOTP again?

Great insight, really contributing to the community

Haha friends, that’s a neat trick