My setup on GrapheneOS with all the exploit protections on except some off for apps with compatibility issues. Thoughts?

  • Lazycog@sopuli.xyz
    link
    fedilink
    arrow-up
    2
    ·
    30 days ago

    Oh shit… Damn. sorry that happened to you :(

    I do back it up with the rest of my stuff to an external hard drive, but that’s… Like once in a year so could be better.

    I have my keepass database file in my cloud that i use to sync it between phone and PC. I create a backup of all of my files on my PC + cloud folder once a year to an external hard drive. Better than nothing but probably would be better to do this more frequently 😄

    I also empty my phone from time to time and move everything I want to keep to my PC (like photos).

    • ZinQ@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      30 days ago

      Wait isn’t that defeating the purpose of KeePass? I strictly use it as a local password manager (no cloud backups and such), since I thought that was the main spelling point

      • Lazycog@sopuli.xyz
        link
        fedilink
        arrow-up
        2
        ·
        30 days ago

        You can of course. I think the selling point is that you control it and it’s a single file that you can decide where you’ll keep it, how you access it, and what app you use to interact with it.

        I can copy, delete, move it all without needing a service for it. Can modify it offline and everything!

        I don’t host the file on a password manager dedicated cloud, it’s my own cloud space with other files I have there as well. So the file is just in my cloud space, with other files, and i have a synced folder on my phone + pc and just access that cloud folder with the file from keepassXC on my PC and keepassDX on my phone :)

        For me keepass offered a single databae file that I can decide where and how I keep it. Also works offline because the cloud syncs folders and even without internet a version exists on my phones cloud folder (until it gets synced again with internet).

        • ZinQ@lemmy.mlOP
          link
          fedilink
          arrow-up
          2
          ·
          30 days ago

          Can you give me a quick rundown of how you run your cloud space? Can I just Ubicloud + Coolify + Nextcloud?

          • Lazycog@sopuli.xyz
            link
            fedilink
            arrow-up
            2
            ·
            29 days ago

            I had not heard of ubicloud, that’s pretty cool! Thanks for the tip!

            And sure:

            I don’t self host it, I got managed owncloud space from a domain and web host provider.

            I manage my own VPS that I got from them but the cloudspace came extra with buying the domain + email services (I’ve managed email server at my job and no way in hell will I do that for myself, too much headache).

            So basically, in short, I have a managed email + owncloud space (just 5gb, don’t honestly need more) from a commercial provider and just use owncloud app on my phone and PC to sync folders on both. I keep my encrypted joplin notes and (encrypted by default) keepass database on this cloud. Owncloud takes care of syncing and I just use Joplin and KeePass on both devices and set them to use the files in owncloud folder. Never had an issue in 2 years with anything.

            Technically my provider could scan my stuff, but they won’t get anything out of joplin notes or keepass.

            Your idea for a setup sounds way more private, but i think for my usecase I’ve been happy since it’s so low effort and still does what I want it to do.

            I have seen on lemmy people recommend syncthing (https://syncthing.net/) for keepass, which directly synchronizes a folder between devices without a middleman if you wanr. But everytime you want to sync you need to have both devices on for that as there is no automatic middleman that is always available. Maybe that could be done with a raspberry pi?

            Anyway: you can easily set this up with proton if you already have proton cloud no?

            • ZinQ@lemmy.mlOP
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              29 days ago

              I’m moving away from Proton, and self hosting is cooler anyway. Instead of Proton I’m trying out Tuta, Mailbox, Addy.io and Bitwarden

              • Lazycog@sopuli.xyz
                link
                fedilink
                arrow-up
                1
                ·
                29 days ago

                That sounds like a nice stack! And true, self hosting is really nice. Just wanted to give options if you don’t feel like getting into self hosting.

                Nevertheless, good luck on your privacy journey! I’m working on it too!

      • ZinQ@lemmy.mlOP
        link
        fedilink
        arrow-up
        2
        ·
        30 days ago

        Or is the database file encrypted with a password? If not you might want to use something like VeraCrypt to encrypt and password protect the database files on the cloud

        • Lazycog@sopuli.xyz
          link
          fedilink
          arrow-up
          1
          ·
          30 days ago

          Didn’t see this comment but: I trust enough my cloud provider + the database file is encrypted with the masterpassword you set for your keepass.

          I also use this cloud to host my Joplin notes, which are also E2EE (joplin supports it) so even if my cloud provider would take a peek it’s all encrypted.

          • ZinQ@lemmy.mlOP
            link
            fedilink
            arrow-up
            1
            ·
            30 days ago

            Ah ok, I was wondering if the database file is encrypted, ignore my comment since it was intended for if the file is unencrypted by default

    • ZinQ@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      30 days ago

      BTW I find SimpleX is great for syncing between your phone and PC. I used it with multiple computers/profiles on GOS and just created an incognito group without history and with disappearing message and that’s how I moved stuff like addresses and passwords to my PC. The app is also great for communication ofc

      • Lazycog@sopuli.xyz
        link
        fedilink
        arrow-up
        2
        ·
        30 days ago

        Nice tip, thanks! still haven’t given simpleX a try. Mostly because it was hard enough to get family and friends to move to signal :)

        • ZinQ@lemmy.mlOP
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          30 days ago

          It’s AMAZING, so many settings, and I use Orbot proxy (doesn’t take VPN slot) and configure SimpleX to use it for that extra extra protection (and concurrently I use mullvadVPN for that extra extra extra protection)

      • ZinQ@lemmy.mlOP
        link
        fedilink
        arrow-up
        1
        ·
        30 days ago

        Note is that I don’t link my SimpleX to my PC but create separate profiles