• 0 Posts
  • 9 Comments
Joined 1 year ago
cake
Cake day: July 30th, 2023

help-circle


  • Yes you can but for people that are looking to set one up today, not someone that’s been running one for 5 years and has basically a whitelisted reputation, it takes a lot to set it up and keep your domain and IP space reputation solid, along with DKIM/SPF/etc records, all the latest stuff like Google’s new mandatory unsubscribe header that will keep coming up. Even if a couple people on your hosting provider start spamming, if they’re in the same IP space as you, You’re going to be getting filtered more heavily for using a “bad neighbor” host. The big corporate/“nonprofit” guys like Spamhaus and Google and Microsoft are basically those controlling corporations for emails, what they say in their spec pretty much goes. They’re making it h em oarder for people to set up and run their own email servers, whether that is the outright intended effect for their mandatory changes or not.

    Don’t get me started on trying to set up a business newsletter account on your new corporate mail server, holy hell, the warm-up itself is pulling hairs. There’s a reason companies like MailChimp, Zapier, et al make so much money.





  • Synnr@sopuli.xyztoSelfhosted@lemmy.worldMy new favourite password manager
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    1 year ago

    In theory, if I were to use an online solution, bad actors wouldn’t be able to pull my vault from memory.

    It’s the same issue once you login to your vault via browser extension. They have to download your vault locally on login to decrypt it when you enter your password anyway*. Even if they don’t store your vault password in memory, they either store the entire vault (unlikely for size reasons) or a more temporary key to access the vault. Local compromise is full compromise already.

    *If they don’t, then they either made a giant technological leap, or they’re storing your passwords on a simple database on their servers and that’s not what you want from a password manager.


  • Synnr@sopuli.xyztoSelfhosted@lemmy.worldMy new favourite password manager
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Yup, I have been using KeePassXC locally since (one of) the first big LastPass breaches. I thought “password manager company… they know encryption” and then kept some of the most important things stored in my vault including notes of Bitcoin seedphrases etc. Thought "even if they get hacked, they wouldn’t let anyone exfil the huge amount of data from the USER VAULT SERVER… thought “my passphrase is like 25-30 chars long, nobody will crack that”…

    5 years after my last login and I find out the breach happened, user vaults were exfil’d, the encryption was absolute shit, and the notes weren’t even encrypted.

    I don’t trust cloud companies to keep promises or know what they’re doing today. and anything self-hosted isnt Internet accessable unless it’s on dedicated hardware subnetted off and wouldn’t matter if it got hacked.