sugar_in_your_tea

@sugar_in_your_tea@sh.itjust.works

Mama told me not to come.

She said, that ain’t the way to have fun.


sugar_in_your_tea OP ,

Yeah, I really need to re-backup my 2FA. Everything goes through a Google Authenticator clone, which can run on my desktop, but I haven't actually set it up.

sugar_in_your_tea OP ,

I currently store my backup keys in Bitwarden, but like you said, that's protected by my OTP solution.

I see two options here:

  • store backup keys in a completely separate way (paper in a safe, encrypted off-prem storage with security key storing that password, etc)
  • have the OTP running in lots of places - currently just my phone, but could run it on my desktop and laptop as well

The first is probably better, but I'm planning on the second because I'm less worried about a physical breach of my home by a technical attacker than me losing/breaking my phone at a really bad time and needing my wife to read off an OTP token over the phone in a pinch.

I do have a Yubikey that I don't use though, so maybe I'll try out the more secure option.

sugar_in_your_tea OP ,

I've got one, but I don't use it because the main reason I got it (secure my Vanguard account) has a simple SMS backup, so it's no more secure than SMS... My phone also doesn't have NFC and the plug is USB-A on the Yubikey, so I can only use it on my desktop unless I carry a dongle around.

But I think things are better now at other services (and USB-C security keys exist), and I'm planning to redo a lot of my online accounts. I'm also getting a new phone soonish, so NFC will be an option. Just wondering if others find value in using them.

sugar_in_your_tea OP ,

That's essentially what FIDO2 is (the security keys I'm talking about), but instead of public/private key, it's challenge/response (similar enough security-wise). More and more services support it, but unfortunately the really important ones don't (financial, government websites, etc). So you're left with mostly social media and other tech sites.

sugar_in_your_tea OP , (edited )

Yup, my computers use full disk encryption and have long passwords (>15 characters). And those passwords are different from my login passwords. I find myself not shutting down as often because it's a pain to log back in.

So they're cost competitive with Google Titan. I would go with the Yubikey in this case since they have a stronger track record, but I also don't see much of a conflict of interest with Google (they don't want your logins, they just want your Internet data).

sugar_in_your_tea OP ,

The FIDO2-only device is $25 for USB A, $30 for USB-C and supports NFC. You only need the $50+ devices if you want Yubikey OTP, OpenPGP, etc, but if you just want FIDO and FIDO2, they're overkill.

sugar_in_your_tea OP ,

Yes, they don't have OATH (not OAuth, that's a different thing), Smart Card, or PGP. I don't know what Windows uses (haven't used Windows in >10 years), but Linux can use FIDO IIRC.

sugar_in_your_tea OP ,

OnlyKey and Nitrokey seem to also be fully open source.

sugar_in_your_tea ,

You obviously didn't read it. This is specifically targeting businesses, not individuals, so you'll still be able to use Monero and whatnot to buy stuff from companies, they just need to have their crypto wallets at a custodian (presumably for tax transparency). Likewise with cash transactions, large transactions are rare and unnecessary between businesses.

sugar_in_your_tea ,

I'm pretty sure this is business to business, not customer to business. So you could still buy that €11k car, the bank would just need to deposit it instead of handing that €11k to the wholesaler in cash (they'd need to use a bank transfer for that).

I could be wrong though, it just depends on what "business transactions" means. Is it only B2B, or B2C counts too?

sugar_in_your_tea ,

Not necessarily, it's only traceable if you generate receipts on both sides. I don't know about EU law, but in the US, you only need to report cash deposits if they're over $10k, and if your deposits are always over $10k (e.g. you're a big retailer or something), another $10k here and there won't raise any eyebrows.

Cash is still king when it comes to corruption since it's easy to exchange it for favors w/o generating a receipt at all.

sugar_in_your_tea ,

That's literally what businesses do, it's called accounting. And if you read the underlying article and/or law, you'd see that this is targeting businesses, not individuals.

sugar_in_your_tea ,

I think they would be. If they're operating as a business, the requirement is that their wallet(s) is at a custodian, so all transactions can be audited. You could still donate to that charity, and that charity would still be able to sell them or use them to buy stuff from another entity, but there would be a paper trail for the charity and the businesses they interact with. It doesn't impact the person donating, only the receiver.

sugar_in_your_tea ,

This is for businesses, and businesses are required to have proper accounting and audits.

sugar_in_your_tea ,

so any business which accept crypto must KYC every one of their customers

No, any business must use a KYC custodian for their wallets. I don't think they'll need to KYC their customers, they'll just need to account for those transactions in their accounting.

So if the company accepts Monero, the Monero wallet would need to be with a custodian, but you'd be free to use Monero to buy stuff and remain anonymous. At least that's my read.

sugar_in_your_tea ,

Yeah, that's my concern as well. However, most large cash purchases are things that are tracked anyway, like vehicles, houses, etc.

Google Allows Creditors to Brick Your Phone ( lemmy.world )

I installed NetGuard about a month ago and blocked all internet to apps, unless they're on a whitelist. No notifications from this particular system app (that can't be disabled) until recently when it started making internet connection requests to google servers. Does anyone know when this became a thing?...

sugar_in_your_tea ,

Nah, I truly believe he is that awkward and tone-deaf.

sugar_in_your_tea ,

This app isn't available on Google Play in your region.

Looks like I'm good.

sugar_in_your_tea ,

I get this from the Google Play store:

Looking for Device Lock Controller?

This app isn't available on Google Play in your region.

So, cool?

I bought mine from Google Fi w/ cash and have never used it on a major carrier. I'm guessing it's a carrier thing, and not a stock Android thing.

sugar_in_your_tea ,

Well yeah, you don't need to be evil to make money, but you can make more money by being evil.

So, don't be evil until you have a commanding market presence, and then be evil to make even more money.

Seems to be the MO of any large org.

sugar_in_your_tea ,

I checked and don't see it. So either my phone is too old, or is exempt since I bought from Google Fi.

sugar_in_your_tea ,

I've thought about getting one, but it'll just be a novelty until it can support MMS properly (trying to get family to switch) and battery lasts a full day. I'll need a few more apps, but I'll figure out how to get it working through emulation or something if the above are fixed.

sugar_in_your_tea ,

Mine isn't installed, but my phone is also out of support and doesn't work on newer Android. So it's probably a more recent thing.

sugar_in_your_tea ,

Same, I think my phone is too old to have it.

sugar_in_your_tea ,

From reading the comments, I think it's on all newer Android phones (perhaps Android 13+?). My phone is probably just too old.

sugar_in_your_tea ,

Sure. The only "blanket" statements I'm willing to give are limited to his work on Free Software. His statements on pretty much everything else should probably just be ignored.

sugar_in_your_tea ,

Mine doesn't appear in either for me, and I did show system apps. It must be a recent Android thing because my phone is almost 5 years old.

sugar_in_your_tea ,

Agreed. If anything, if someone gets muted enough times, Lemmy should generate a report to the mods and admins for review. That way serial bullies can be blocked from a community or instance, which is far more effective.

sugar_in_your_tea ,

I could go through each of your concerns, but I'll just leave it at two:

  • rich get richer - someone needs to be trusted to confirm transactions properly. Requiring some skin in the game (proof of stake, mining, etc) with a reward is the way to do it in a trustless system. This exists in fiat currencies as well, with the main winners being banks and large borrowers, so I don't see it as a serious issue.
  • energy costs - mining cryptocurrencies has a high initial energy requirement, but it scales really well in terms of transactions, so if transactions double, we'll see a modest (way less than double) increase to energy usage of the network as a whole. And in theory, mining operations would prefer cheap power, so that means whatever excess green power exists that would otherwise be wasted worldwide. There's an ethical option to mining energy usage.

The reason I'm not going to go through each is because each problem has a solution, whether that's in an already existing currency, or will go away as it scales.

Here are the real problems as I see it:

  • way too many scams - which leads to...
  • way too much volatility - most cryptocurrency users are speculators, so there's...
  • no mass of regular transactions to attract vendors

Even if we get past the FUD, we're still going to have adoption issues because of the above. And I don't have a good solution for that, but we need adoption to stabilize the currency and motivate solutions for problems.

I like the idea of cryptocurrencies, but we need a large institution to normalize it before people will adopt it, and I don't see that happening. Maybe stable coins are the way forward, IDK.

One thing I'm interested in is GNU Taler, which is a relatively simple digital transaction system that preserves payer privacy. If we could get a big institution to use it (e.g. Mozilla for micro payments to websites), people may feel more comfortable experimenting with digital currencies.

sugar_in_your_tea ,

I'm going to have to look into it again. Can you recommend any services that accept it? Most only support Bitcoin, if any (e.g. ProtonMail).

sugar_in_your_tea ,

I wouldn't say "better," just different. GNU Taler is centralized, so it's only as reliable as the issuer, whereas cryptocurrencies are as reliable as the distributed network. So Taler can't replace a fiat currency, it's just a toolkit to create your own fiat currency.

So it's great for privacy-minded folks in stable economies, but not great for international transactions or transactions where central authority isn't trusted. Essentially, cryptocurrencies are supposed to replace precious metals and whatnot for barter.

So I'm excited to see what privacy products people make with things like GNU Taler because it can be used today, but something like Monero is preferred if it can stabilize and start being accepted in more places.

sugar_in_your_tea ,

Cool, I'll check it out! I've never actually used crypto to pay for something, so this will be a fun learning opportunity if anything.

sugar_in_your_tea ,

Yup, I'm going to start small with a VPN since Mullvad supports Monero. I've been meaning to get it set up on my router for a long time on a VLAN, and this seems like a good excuse.

Not sure what's next, but might as well get started with just one.

sugar_in_your_tea ,

I'm not saying government fiat currencies shouldn't exist, just that they aren't needed for regular transactions.

Argument that monetary policy can be harmful

The natural business cycle has booms and busts, and government interference in that cycle (i.e. attempts to prevent the busts) can instead delay the busts and result in more severe downturns.

For example, look at the recent inflationary period. We had a huge bull run largely fueled by really low borrowing rates, so when things started to crash, we couldn't lower rates to encourage expansion (or at least we refused to go negative), so we instead threw money at the problem, which is an inflationary policy. The result was rapid inflation, and we had to rush to raise rates to get that back under control, and the rapid rate hikes resulted in bank failures, layoffs, and high borrowing rates. If we had instead raised rates slowly from 2014 or so and on, we could've cut rates instead of throwing stimulus money at the problem.

But the main problem with fiat currencies is that the issuing authority has a vested interest in tracking transactions. Cash isn't really a thing for digital transactions, and if the government realizes it can discourage use of cash, it will.

Fiat and cryptocurrencies can absolutely exist. Use fiat when interacting with the banking system (loans, savings, etc), and use cryptocurrencies like Monero for keeping transactions private (e.g. shopping). The government raising rates only really impacts borrowing, so companies and borrowers will use the local fiat currency and you'll get the desired effects.

what if the whole world replaced SWIFT with a private blockchain?

I'm honestly not familiar enough with international transactions to really weigh in on this. Maybe it's a good idea, IDK.

sugar_in_your_tea ,

energy wasted on solving increases exponentially

Which is balanced by decreased value of additional coins, so less interested miners should drop out.

But the energy itself is kind of misleading, because miners will flock to lower cost energy, which should primarily be excess green energy. If we actually adopt this at scale, I expect energy companies to help in mining crypto with their excess energy generation, which should work well since that excess should be fairly consistent on a global scale.

That said, I'm extremely interested in seeing how proof of stake works out for Ethereum, since it just seems wasteful to mine coins for verifying transactions. But I think it's a lot less wasteful than opponents make it out to be.

sugar_in_your_tea ,

I assume you're talking about blatantly illegal transactions, like trafficking or drug deals, but if that's not part of someone's threat model, is Bitcoin still reasonably private?

As in, if we remove state-level actors from the threat model, is Bitcoin still safe enough? I'm more interested in not getting doxxed for my choice in VPN, email service, etc if I choose to run for office, and Bitcoin is accepted by enough places to be useful enough.

sugar_in_your_tea ,

Not having a fiat currency isn't really as bad as people make it out to be. But we're talking about whether cryptocurrencies make fiat currencies ineffective.

Most people will likely keep using their local fiat currency because that's what credit cards, mortgages, and paychecks are denominated in. A minority (even a sizeable one) using an alternative currency won't change that. Even if most people use cryptocurrencies for transactions, the US can still require any federally backed transactions (i.e. anything touching regulated banks) to be denominated in USD.

A cryptocurrency merely keeps the fiat currency honest. If the fiat is more stable, people will keep their savings there. If the cryptocurrency is more stable (unlikely), people will switch to that and governments will react by tightening monetary policy.

Inflation numbers won't really be impacted because they'll just use some average across money exchanges to figure out the inflation figures for the fiat currency. Inflation is already benchmarked between currencies, so this doesn't change much.

So I honestly don't see much reason for change. If people move to cryptocurrencies in droves, the Treasury will just issue fewer dollars as needed to keep inflation in check.

But what we get in return is pretty great! I can now make international transactions without going through international exchanges, so fees would likely end up being lower. I can use the cryptocurrency as cash in digital transactions to maintain privacy from my bank and potentially government. If I go to a country like Argentina or Turkey, I can avoid day to day inflation. If I go to a country like Venezuela or Cuba, I don't have to play games with black market money changers to avoid government price fixing. I'm also much less likely to get my payment info compromised, so this would make things like virtual credit card numbers unnecessary because attackers knowing my payment info doesn't allow them to initiate transactions.

The main problem is many places don't accept crypto, so that's why I haven't used it much. I'm probably never going to keep a lot of my money there, but perhaps I'd load it up for a trip or monthly expenses or something.

sugar_in_your_tea ,

Well yeah, another problem is that there's always another cryptocurrency. Since there's no widely adopted coin (Bitcoin is closest), people jump to the next one hoping that they'll get in early before it takes off.

So the problem isn't that a given cryptocurrency takes too much energy, it's that speculators jump from coin to coin. I think that will settle down as well, and we'll be left with mostly serious miners looking for actual profit who optimize costs down with cheap excess energy.

So what we're looking at is kind of a worst case scenario. Bitcoin rewards halve every four years, and Bitcoin valuations are unlikely to keep up. Lots of cryptocurrencies are also switching to proof of stake. Both of these together should result in drastically less energy being used.

So I'm bullish on crypto energy usage falling going forward, even if it gains mainstream adoption as a currency (unlikely).

sugar_in_your_tea ,

And the args aren't in alphabetical order like a heathen.

sugar_in_your_tea ,

Do you know if there's an option to play music? I'm thinking YouTube video lookup, audio only.

That would be enough to get my kids excited about "having Alexa," and it would be a good gateway to automating other things.

sugar_in_your_tea ,

Cool, I'll check it out, and maybe contribute if it looks like what I'm looking for.

sugar_in_your_tea ,

Calls are infeasible because you need to get a lot of different parties on board, such as:

  • land lines - probably the biggest hurdle
  • international calls
  • old mobile phones
  • everything in between

This requires a lot of coordinated work by a lot of people, and all the while the government will want backdoors for wiretaps and whatnot. It's just not going to happen. The technical problems aren't that great (if the signal is unencrypted, encrypt it; boom, legacy network support), so it's more that coordination that's an issue.

The next best option is a VoIP service that works with traditional phone numbers and encrypts everything between your device and the service. This wouldn't solve the broader problem, but encryption could be used by the service if the other end supports it. However, you'd need to only use VoIP on your phone, and the apps largely suck and there are technical issues like missing calls.

Text messages are being solved though with RCS now that Apple is on board and Google is marketing it, but unfortunately I don't think it's open enough for Linux phones to adopt, but I could be mistaken.

sugar_in_your_tea ,

Well yeah, they're water shoes, you need to wear them in the water.

sugar_in_your_tea ,

I'm familiar with networking, but not an expert.

Here's how my network is:

  • ISP - static public address (doesn't change)
  • Router - static 10/8 addr (Ethernet at the curb); no DHCP
  • Computers - 192.168 subnets with DHCP

So websites would only get that public address for the ISP. They can still get my city through my ISP's address, but they can't uniquely identify me from the address alone.

So yeah, sites will know the city I'm in, but they can't uniquely identify me. So while I feel like I should use a VPN, I'm not that worried about it.

We're getting municipal fiber soon (sometime in the next two years), so I'm guessing this setup will change. I've already played with configuring a VPN on my network (failed at tunneling IPv6 over IPv4), so I'll probably work on that sometime this year as I'm preparing for the upgrade (also running cable, reconfiguring VLANs, etc).
