cross-posted from: https://lemmings.world/post/12787893

1. SEPARATE MONERO ACCOUNTS - For privacy reason, organize own funds into accounts like “cash”, “work”, “trading”, “mining”, “donations”, etc.. And in order to later combine these individual accounts funds, sweep/withdraw each of the account balance the way, that you do NOT sweep/withdraw multiple accounts balances in a single transaction, but one transaction per account. Feather wallet may do this thanks to its "Coin control" functions? Source: https://getmonero.dev/public-address/subaddress.html ; https://docs.featherwallet.org/guides/features

2. WAIT/AGE XMR AFTER RECEIVING IT - After receiving Monero (XMR) from a 3rd party, wait some time (a few hours to a few days)

3. CHURN/MIX XMR BY SENDING IT TO OTHER OWN ACCOUNT - Churning/mixing means to send your Monero/XMR to a different account/wallet in order to make it harder for others to track you: "So after 1 churn, there is a 1 in 16 chance (6.25%) that this transaction is yours. After 2 churns, it is a 1 in 16x16 = 1/256 = 0.39% chance that the final output of the route is yours. After 3 churns, 1 in 16x16x16 = 1/4096 = 0.0244%".

   A) Send your entire (or part of) your account's balance to a different account/wallet of yours, such secret destination account won't be used for receiving 3rd party XMR (only yours).

   B) Send your entire account's balance to same account (its own address - self). In case you would send partial, you would mix churned outputs with non-churned making your anonymization effort more or less pointless.

4. WAIT/AGE CHURNED/MIXED XMR AGAIN

5. CHURN/MIX AGAIN BY SENDING TO SELF OR 3RD PARTY - In order to decrease chance (from above mentioned 6.25% to 0.39%) of output being attributed to you. When having various Monero accounts for various purposes (e.g. "work", "home"), possibly churn 2x before "merging" XMR from multiple accounts of yours, example: KYC'ed 3rd party -> MyWork -> MyWork2nd ......... 3rd party -> MyHome -> MyHome2nd -> MyHome3rd -> MyWork2nd

------

FAQ: Why it is not pointless to send Monero from/to self, meaning same account? Because sending to same account is effective in decreasing the chance of a transaction being traced (attributed to you), since "there is no way to see the address" and other person says "You can send to yourself as many times as you want, without anyone knowing you're actually doing it. Every such transaction (called "churn") puts you in a bigger crowd of possible senders." and another person claims similar "churn to your own wallet, as it is not possible to link the output to the wallet".

cross-posted from: https://lemmings.world/post/12787871

> 1. SEPARATE MONERO ACCOUNTS - For privacy reason, organize own funds into accounts like “cash”, “work”, “trading”, “mining”, “donations”, etc.. And in order to later combine these individual accounts funds, sweep/withdraw each of the account balance the way, that you do NOT sweep/withdraw multiple accounts balances in a single transaction, but one transaction per account. Feather wallet may do this thanks to its "Coin control" functions? Source: https://getmonero.dev/public-address/subaddress.html ; https://docs.featherwallet.org/guides/features > > 2. WAIT/AGE XMR AFTER RECEIVING IT - After receiving Monero (XMR) from a 3rd party, wait some time (a few hours to a few days) > > 3. CHURN/MIX XMR BY SENDING IT TO OTHER OWN ACCOUNT - Churning/mixing means to send your Monero/XMR to a different account/wallet in order to make it harder for others to track you: > "So after 1 churn, there is a 1 in 16 chance (6.25%) that this transaction is yours. After 2 churns, it is a 1 in 16x16 = 1/256 = 0.39% chance that the final output of the route is yours. After 3 churns, 1 in 16x16x16 = 1/4096 = 0.0244%". > > A) Send your entire (or part of) your account's balance to a different account/wallet of yours, such secret destination account won't be used for receiving 3rd party XMR (only yours). > > B) Send your entire account's balance to same account (its own address - self). In case you would send partial, you would mix churned outputs with non-churned making your anonymization effort more or less pointless. > > 4. WAIT/AGE CHURNED/MIXED XMR AGAIN > > 5. CHURN/MIX AGAIN BY SENDING TO SELF OR 3RD PARTY - In order to decrease chance (from above mentioned 6.25% to 0.39%) of output being attributed to you. > When having various Monero accounts for various purposes (e.g. "work", "home"), possibly churn 2x before "merging" XMR from multiple accounts of yours, example: > KYC'ed 3rd party -> MyWork -> MyWork2nd > ......... 3rd party -> MyHome -> MyHome2nd -> MyHome3rd -> MyWork2nd > > ------ > > FAQ: Why it is not pointless to send Monero from/to self, meaning same account? Because sending to same account is effective in decreasing the chance of a transaction being traced (attributed to you), since "there is no way to see the address" and other person says "You can send to yourself as many times as you want, without anyone knowing you're actually doing it. Every such transaction (called "churn") puts you in a bigger crowd of possible senders." and another person claims similar "churn to your own wallet, as it is not possible to link the output to the wallet".

1. SEPARATE MONERO ACCOUNTS - For privacy reason, organize own funds into accounts like “cash”, “work”, “trading”, “mining”, “donations”, etc.. And in order to later combine these individual accounts funds, sweep/withdraw each of the account balance the way, that you do NOT sweep/withdraw multiple accounts balances in a single transaction, but one transaction per account. Feather wallet may do this thanks to its "Coin control" functions? Source: https://getmonero.dev/public-address/subaddress.html ; https://docs.featherwallet.org/guides/features

2. WAIT/AGE XMR AFTER RECEIVING IT - After receiving Monero (XMR) from a 3rd party, wait some time (a few hours to a few days)

3. CHURN/MIX XMR BY SENDING IT TO OTHER OWN ACCOUNT - Churning/mixing means to send your Monero/XMR to a different account/wallet in order to make it harder for others to track you: "So after 1 churn, there is a 1 in 16 chance (6.25%) that this transaction is yours. After 2 churns, it is a 1 in 16x16 = 1/256 = 0.39% chance that the final output of the route is yours. After 3 churns, 1 in 16x16x16 = 1/4096 = 0.0244%".

   A) Send your entire (or part of) your account's balance to a different account/wallet of yours, such secret destination account won't be used for receiving 3rd party XMR (only yours).

   B) Send your entire account's balance to same account (its own address - self). In case you would send partial, you would mix churned outputs with non-churned making your anonymization effort more or less pointless.

4. WAIT/AGE CHURNED/MIXED XMR AGAIN

5. CHURN/MIX AGAIN BY SENDING TO SELF OR 3RD PARTY - In order to decrease chance (from above mentioned 6.25% to 0.39%) of output being attributed to you. When having various Monero accounts for various purposes (e.g. "work", "home"), possibly churn 2x before "merging" XMR from multiple accounts of yours, example: KYC'ed 3rd party -> MyWork -> MyWork2nd ......... 3rd party -> MyHome -> MyHome2nd -> MyHome3rd -> MyWork2nd

------

FAQ: Why it is not pointless to send Monero from/to self, meaning same account? Because sending to same account is effective in decreasing the chance of a transaction being traced (attributed to you), since "there is no way to see the address" and other person says "You can send to yourself as many times as you want, without anyone knowing you're actually doing it. Every such transaction (called "churn") puts you in a bigger crowd of possible senders." and another person claims similar "churn to your own wallet, as it is not possible to link the output to the wallet".

Some feedback regarding Proton VPN documentation and some confusion regarding Firefox DNS configuration:

https://protonvpn.com/support/browser-extensions#firefox says:

"By default, Firefox does not route DNS queries through the HTTPS connection to our VPN servers" and then is mentioned a workaround to fix it.

That suggest alarming thing, that ProtonVPN Firefox user has to do some custom workaround in order to be private (prevent a DNS leak).

On another hand, https://protonvpn.com/support/dns-leaks-privacy says:

"DNS queries are routed through the VPN tunnel to be resolved on our servers"

these statements are a bit confusing/contradicting (though Proton later explains that this latest statement does not apply on a browser extension VPN apps) and Proton further adds at https://protonvpn.com/support/dns-leaks-privacy/#dns-over-https that the DNS leak can happen also due to enabled DoH feature in web browser.

Solution: ProtonVPN browser extension should (if possible) warn user in case it fails to process DNS and as a result, it is leaked. Vote for this feature request

----

Another "issue" is with the above mentioned/linked workaround (here I am speaking only about Firefox), this workaround: go to "about:config into the URL bar and hit <enter>. At the warning, click Accept the risk and continue → search for network.trr.mode"

In my case I had this set that variable to 5 which means DoH "Off by choice", Proton in said tutorial suggest value 3 instead, which means (According to https://wiki.mozilla.org/Trusted_Recursive_Resolver#DNS-over-HTTPS_Prefs_in_Firefox ) "Only use TRR, never use the native resolver.".

This confuses me since it looks like an opposite to what i have now, while any DNS leak site:

https://www.dnsleaktest.com

https://ipleak.net

does NOT report leak in my case nor in case i set network.trr.mode to 3. A bit weird but i guess no big deal?

Thanks for your feedback in advance.

On my desktop computer, I have tried to use Syncthing WebUI to add my remote headless server (no GUI/display, only CLI), which was established by just running ./syncthing command. I have got the ID from the CLI output.

Yet my WebUI tells me "connection refused" and "context deadline exceeded" and the headless server output shows "rejected: unknown device" next to my connection attempt.

In a "syncthing --help" output, I am unable to find any command which would add mine defined remote machine ID and allow its connections.

I have tried to access http://headless server IP:8384/ but it timeout. I am unable to find any firewall blocking, another service on a different port is accessible.

Any idea how to proceed interconnecting the two devices simplest way?

Proton zpřístupnil svou bezplatnou soukromou VPN i pro prohlížeče založené na Firefoxu a Chrome:

Firefox:

https://addons.mozilla.org/cs/firefox/addon/proton-vpn-firefox-extension/

https://protonvpn.com/cs/download-firefox-extension

Chrome:

https://chromewebstore.google.com/detail/proton-vpn-fast-secure/jplgfhpmjnbigmhklmmbgecoobifkmpa

https://protonvpn.com/cs/download-chrome-extension

Oficiální stránky v češtině zatím nebyly aktualizovány aby z nich bylo zřejmé, že služba je nyní bezplatná, ale je, vyzkoušeno.

Pro:

• neloguje uživatelovu aktivitu
• otevřený zdrojový kód aplikací
• bez omezení dat
• anonymita a lepší soukromí kvůli používání sdílené IP serveru a šifrování:
• nikdo kdo je v ČR (poskytovatel internetu, vláda, hacker) nemůže zjistit co na internetu děláte (šifrované spojení)

Proti:

• mírné zpomalení odezvy/rychlosti internetu
• bezplatný účet může využívat VPN servery pouze v několika zemích
• bezplatný účet nezahrnuje možnost blokování sledovacích prvků a vyřazení zvolených webů z VPN

I have been told, that when entering foreign country address, I may be asked to verify passport details, I am unsure how it is when i enter russian address. I guess that when entering invalid address, I may be unable to claim my domain in case my domain registar bankrupt. Thank you in advance.

https://www.hosting.co.uk/register-domain/su-extension/ says: >.SU registry asks that companies provide a copy of the registering company's Certificate of Registration or an excerpt from the Commercial Register. Individuals are requested to provide their ID card or passport number.

https://manage.resellerclub.com/kb/answer/1336#heading_5 says: >For Individual: Registrant's Name (preferably in Russian); Passport Information: This needs to include the Document number, Issued by, Issued Date of the Passport. Birth Date: This needs to be entered as a numeric value in DD.MM.YYYY format.

https://wiki.hexonet.net/wiki/RU says: > for natural persons: passport copy (personal details and issuance data)

Middle man style services:

https://xuid.ru/domains.php - "No Personal information required."

Hello, when I use following sqlite3 commands, it returns error "cannot commit - no transaction is active" somewhere near the line "WHERE user IN (".... So I wanted to ask what to replace with what in order not to produce said error. I am not a developer and the ChatGPT (1, 2) is unable to provide working code. Can you please help?

said commands: ``` -- Start a transaction BEGIN TRANSACTION;

-- Insert missing user_permission_overrides rows INSERT INTO user_permission_overrides (room, user, write) SELECT DISTINCT ru.room, u.id, TRUE FROM room_users ru JOIN users u ON ru.user = u.id LEFT JOIN user_permission_overrides upo ON u.id = upo.user AND ru.room = upo.room WHERE u.created < strftime('%s', '2024-07-02 00:49:26') AND upo.user IS NULL;

-- Update existing user_permission_overrides rows UPDATE user_permission_overrides SET write = TRUE WHERE user IN ( SELECT id FROM users WHERE created < strftime('%s', '2024-07-02 00:49:26') );

-- Commit the transaction COMMIT;

END; ```

list of tables, schema, pragma I have pasted here please.

Kodi (20.1 (20.1.0) Git:20230316-d8f3f99cc3-dirty). Platform: Linux ARM 32-bit

was not responding after start and the Tvheadend shown no channels at http://192.168.0.2:9981/extjs.html (later I have found the disconnected antena cable).

cat /home/xbian/.kodi/temp/kodi.log (for other OS log paths check here) shown some warnings and errors, which I have all pasted here.

When i have pushed any button on the remote control (control worked and TV led indicated contact), there was no log entry added into a mentioned kodi log.

"dmesg -T" not shown any errors. After rebooting over SSH (reboot now), it started responding after boot (weird that not under first boot and second yes). But it got no reply from TVHeadend HTSP client (no signal, later I have found it is disconnected antena ;). When i went to this addon configuration, it freezed with following errors in said Kodi log:

error <general>: Repository add-on repository.universalscrapers does not have any directory and won't be able to update/serve addons! Please fix the addon.xml definition error <general>: AddOnLog: pvr.hts: Command getDiskSpace failed: Unable to stat path error <general>: GetDriveSpace: Add-on 'pvr.hts' returned an error: server error warning <general>: OnMessage: Suspiciously long time to handle GUI_MSG_PLAYBACK_STARTED (25.942558s) warning <general>: OnMessage: Suspiciously long time to handle GUI_MSG_PLAYBACK_STARTED (6.573358s) error <general>: CCurlFile::Open - <http://127.0.0.1:9981/imagecache/2403> Failed with code 404: ... Then i saw it moved to and stuck on a "stopping kodi" xbian screen. Since I have not updated a few months, i did command "sudo apt update;sudo apt upgrade" via SSH command line remotely.

it updated many packages, no "kodi" package, but "tvheadend" one

at the end of the upgrade process was: initctl: invalid command: try-restart Try `initctl --help' for more information. invoke-rc.d: initscript ntp, action "try-restart" failed. Setting up xbian-package-config-xbmc (20231115) ... Processing triggers for xbian-package-config-xbmc (20231115) ... Errors were encountered while processing: fail2ban (fail2ban has been installed by me previously and it never worked entirely, and removal is not working somehow), system rebooted itself automatically after upgrading.

After reboot, there still has been errors in the mentioned kodi log: ``` Starting Kodi (20.1 (20.1.0) Git:20230316-d8f3f99cc3-dirty). Platform: Linux ARM 32-bit info <general>: Kodi compiled 2023-03-17 by GCC 10.2.1 for Linux ARM 32-bit version 5.18.2 (332290) info <general>: Running on BCM2711 with XBian 12.0 - Bullseye, kernel: Linux ARM 32-bit version 6.1.66+ info <general>: FFmpeg version/source: 4.4.1-Kodi error <general>: GetDirectory - Error getting /home/xbian/.kodi/userdata/addon_data/pvr.nextpvr/ error <general>: GetDirectory - Error getting special://profile/addon_data/pvr.nextpvr/ error <general>: GetDirectory - Error getting /home/xbian/.kodi/userdata/addon_data/pvr.vbox/ error <general>: GetDirectory - Error getting special://profile/addon_data/pvr.vbox/ error <general>: GetDirectory - Error getting /home/xbian/.kodi/userdata/addon_data/pvr.vuplus/ error <general>: GetDirectory - Error getting special://profile/addon_data/pvr.vuplus/ info <general>: PVR Manager: Started error <general>: [2024-07-01 20:08:55,877 pyinotify ERROR] add_watch: cannot watch /run/splash WD=-1, Errno=No such file or directory (ENOENT) error <general>: AddOnLog: pvr.hts: Command getDiskSpace failed: Unable to stat path error <general>: GetDriveSpace: Add-on 'pvr.hts' returned an error: server error

```

and the screen detected no signal. After next reboot, the screen is ok. After next reboot with connected antena cable, these errors and warnings remains.

After researching all that warnings, I have this (highlighted items are unsolved):

Regarding first block of errors (DBus error: org.freedesktop.DBus.Error.InvalidArgs), someone says that there is no issue with it.

Regarding second block of errors ("Repository add-on repository.superrepo.org.gotham.all uses old schema definition for the repository extension point!"), I think i will have to contact repo admin or uninstall that repo/addons.

"POParser: missing msgstr line in entry. Failed entry", I have not found any solution to that.

Third block: (JSONRPC: Could not parse type "Setting.Details.SettingList") - someone says "can also be ignored, not skin related"

Fourth block may be related to PVR addons that i think are disabled and can not be uninstalled and has no updates. Weird.

Fifth block: (pyinotify ERROR] add_watch: cannot watch /run/splash WD=-1, Errno=No such file or directory (ENOENT)) - I have not found any solution.

Sifth/final block of errors is likely related to second block.

Reposted from: https://lemmings.world/post/10879238

> I am talking about some way to report it (without exposing my identity - using Tor browser) or let it be shutdown. > > Related Tor FAQ: https://support.torproject.org/abuse/#abuse_remove-content > > Report1: https://report.cybertip.org > > Report2: https://www.iwf.org.uk/en/uk-report/ > > Report3: https://www.inhope.org/EN#hotlineReferral > > Here is how to report bad site, in case you find any clearnet traces on the .onion site, incl. email address. > > In this particular case, I have been able to spot the ODER/BUY NOW link which lead to a clearnet site. Within a second, it then redirected to a onion site, where I have found an e-mail address. So i had 2 ways to report this (clearnet website and an e-mail). > > So run whois lookup (for example at https://who.is/whois/ for mentioned clearnet redirect domain name) and inside the output, discover which nameservers/hosting company it is using. Since it has been using Cloudflare, I have submitted the report form on Cloudflare site. Second thing is that e-mail address the paedopile worm provided on the site. I could visit that email service domain to find abuse contact. I have written steps on how i have discovered the initial link and found the e-mail so they can verify the case. > > Do you know other way when you do not find any clearnet traces?

I see that the Solana blockchain explorers:

https://solanabeach.io

https://explorer.solana.com

https://solscan.io

shows balance, transactions, individual stakes. Yet does not show total staked amount + total balance amount, ideally also in $.

I am talking about some way to report it (without exposing my identity - using Tor browser) or let it be shutdown.

Related Tor FAQ: https://support.torproject.org/abuse/#abuse_remove-content

Report1: https://report.cybertip.org

Report2: https://www.iwf.org.uk/en/uk-report/

Report3: https://www.inhope.org/EN#hotlineReferral

Here is how to report bad site, in case you find any clearnet traces on the .onion site, incl. email address.

In this particular case, I have been able to spot the ODER/BUY NOW link which lead to a clearnet site. Within a second, it then redirected to a onion site, where I have found an e-mail address. So i had 2 ways to report this (clearnet website and an e-mail).

So run whois lookup (for example at https://who.is/whois/ for mentioned clearnet redirect domain name) and inside the output, discover which nameservers/hosting company it is using. Since it has been using Cloudflare, I have submitted the report form on Cloudflare site. Second thing is that e-mail address the paedopile worm provided on the site. I could visit that email service domain to find abuse contact. I have written steps on how i have discovered the initial link and found the e-mail so they can verify the case.

Do you know other way when you do not find any clearnet traces?

beside this one

Reposted from: https://lemmings.world/post/10865023

> 1. Recognize the common signs > > • Urgent or emotionally appealing language > • Requests to send personal or financial information > • Unexpected attachments > • Untrusted shortened URLs > • Email addresses that do not match the supposed sender > • Poor writing/misspellings (less common) > > 2. Resist and report > Report suspicious messages by using the “report spam” feature. > If the message is designed to resemble an organization you trust, report the message by alerting the organization using their contact information found on their webpage. > > I have found also these phishing reporting pages: > > SITE: https://safebrowsing.google.com/safebrowsing/report_phish/ > > SITE: https://www.ncsc.gov.uk/section/about-this-website/report-scam-website > > SITE: https://www.scamwatcher.com/scam/add?type=fraudulent_website > > SITE/EMAIL: https://report.netcraft.com/report ( scam [\AT\] netcraft [\D0T\] com - for a phishing/fraud mail forwarding ) > > EMAIL: https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email#section_1 - forward phish mail to report [\AT\] phishing [\D0T\] gov [\D0T\] uk > > EMAIL: https://apwg.org/reportphishing/ ( reportphishing [\AT\] apwg [\D0T\] org - forward phishing mail as attachment if possible ) > > EMAIL: phishing-report [\AT\] us-cert [\D0T\] gov (phishing message should be sent as attachment possibly or its full source code in a message BODY.) > > OTHER: https://www.knowbe4.com/free-phish-alert (email client extension) > > feedback or new additions are welcome > > 3. Delete > Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. > The unsubscribe button could also carry a link used for phishing. Just delete > > _________________________________________________ > > Source: https://www.cisa.gov/secure-our-world/recognize-and-report-phishing > > Send this to your friends, especially internet beginners.

1. Recognize the common signs

• Urgent or emotionally appealing language • Requests to send personal or financial information • Unexpected attachments • Untrusted shortened URLs • Email addresses that do not match the supposed sender • Poor writing/misspellings (less common)

2. Resist and report Report suspicious messages by using the “report spam” feature. If the message is designed to resemble an organization you trust, report the message by alerting the organization using their contact information found on their webpage.

I have found also these phishing reporting pages:

SITE: https://safebrowsing.google.com/safebrowsing/report_phish/

SITE: https://www.ncsc.gov.uk/section/about-this-website/report-scam-website

SITE: https://www.scamwatcher.com/scam/add?type=fraudulent_website

SITE/EMAIL: https://report.netcraft.com/report ( scam [\AT\] netcraft [\D0T\] com - for a phishing/fraud mail forwarding )

EMAIL: https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email#section_1 - forward phish mail to report [\AT\] phishing [\D0T\] gov [\D0T\] uk

EMAIL: https://apwg.org/reportphishing/ ( reportphishing [\AT\] apwg [\D0T\] org - forward phishing mail as attachment if possible )

EMAIL: phishing-report [\AT\] us-cert [\D0T\] gov (phishing message should be sent as attachment possibly or its full source code in a message BODY.)

OTHER: https://www.knowbe4.com/free-phish-alert (email client extension)

feedback or new additions are welcome

3. Delete Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. The unsubscribe button could also carry a link used for phishing. Just delete

_________________________________________________

Source: https://www.cisa.gov/secure-our-world/recognize-and-report-phishing

Send this to your friends, especially internet beginners.

If anyone wants to check, here is a video showing a Firefox dev. console (F12 key) and errors occured on https://www.openstreetmap.org/search?query=Oslo#map=8/59.973/10.723

I would like to find the causing extension without the need of disabling extensions randomly or by disabling half of extensions, then if issue solved, disable half of that half etc..

Sometimes it helps to hover over the link near the error on dev. console (F12 key), Console tab, to see the moz-extension://somestring and find first characters of the string at page about:debugging#/runtime/this-firefox Though this time, it does not show that IMO (per the linked video).

If I should click something particular in a FF dev. console (F12), please guide me. Thank you.

SPAM companies like DataPacket/DataCamp, 247.ro continuing to SPAM while using IPs from RIPE, which says "RIPE NCC does not have the legal power to investigate these types of issues or take action against ISPs, other organisations or individuals. ... If you require further assistance, we suggest contacting your local law enforcement agency or seeking legal advice." I know that there are many victims of their unsolicited messages, yet why they are allowed to operate for years, law not reaching them? What one can do except submitting their IPs to:

https://www.spamcop.net

https://www.spam.org/report

https://signalants.signal-spam.fr/reportings/new

https://www.abuseipdb.com

https://cleantalk.org/blacklists

I have tried to submit to TrustPilot, but they are protecting SPAMmers.

Hello,

Feather wallet Monero synchronization (that happens after startign the Feather wallet) which is not done over Tor is enough anonymous?

3 password managers at same time 🧐 :

My older version of a Firefox browser remember most of my passwords (I am ok how it works), but some important passwords are also stored in KEEpass and not in Firefox. Then there is a ProtonPass which can import both Firefox CSV and KeePass XML.

Problem with import and synchronization of these managers is that the

1. Pass is not made to deduplicate the imported data (some imported logins may already be in vaults), which requires user to delete Pass logins prior importing a .csv file (importing because file contains more up to date logins).

2. import does not contain 2FA secrets nor aliases (aliases deleted in Pass can not be restored into Pass at the time of writing - June 2024).

Firefox and Proton Pass - PROS and CONS (as of June 2024):

Quality of suggested logins:

⛔️ Firefox (old ver.) suggests all passwords saved across whole website incl. its subdomains which is messy

✅ Pass: suggests only passwords for a present page (not subdomains) = good

⛔️ Pass: does not automaticaly complete/suggest login when typing into username field and the list of saved logins is not alphabetically sorted by the username.

Speed:

✅ Firefox: shows saved logins instantly

⛔️ Pass: 1 second delay of a Proton Pass drop down menu with login username suggestions comparing to Firefox which loads immediately and gives impression that it loads even before login page finished loading. Both password managers loads at same time on user mouse click into the login field. Delay of a ProtonPass happens only when the suggestion menu should appear automatically upon loading a login page.

Registration form suggestions:

✅ Firefox: suggests previously used usernames/emails when typing, which is fine

🆗 Pass: does suggest anything when i type, as already mentioned. When I click, it suggests main ProtonMail address and allows generating unique alias which is very important key feature

🆗 Pass: password generating box shows non-important confirmation of a successfully copied password, which hides after like 2 seconds, making impossible to read the next form field during that time, which is annoying.

Login form suggestions:

⛔️ Pass: does not offer any login suggestion on a Basic HTTP Auth (.htaccess password protection of a directory) forms (popup) of mine (site: ILF admin, C*A/my)

Other:

⛔️ Pass: in Firefox i think it sometimes gets logged out requring to spend time re-login which may require 2FA auth from other device or other password manager.

✅ Pass: editing, grouping of passwords seems a bit better than Firefox

✅ Pass: Integrated 2FA

✅ Pass: Pass monitor in paid plan, password strength/leak indication

PROS vs CONS. What to do?

ProtonPass is a bit slower than Firefox, yet it has its advantages - email alias generating, 2FA....

SimpleLogin browser extension can be used for Proton aliases and if you do not need 2FA, it may be easier to stay with just Firefox, which is enough safe manager since I am already making backups of a Firefox (incl. passwords - which are also synced E2EE to the Mozilla cloud https://support.mozilla.org/en-US/kb/sync#w_is-it-secure).

Other option is to use Pass only for aliases and 2FA and inside its General settings, disable passwords saving and filling, letting Firefox do this job.

Third manager (for example KeePassXC) can serve as a backup, it can also import exports of Pass and Firefox. I guess it would be good to backup any password manager (incl. Pass) data regularly on schedule.

What are your suggestions/feedback regarding this?