What are the risks of redirecting my email with Google Domains?

I have bought a domain from Google Domains. One of the features they offer is to redirect all email sent to that domain to any other email address of my choice. Now I’m wondering: is it secure and private?

  1. How secure is using this service? Can Google read the content of the incoming emails if they redirect them for me?

  2. Is it safer to let another site handle the email address(es) instead? For example, ProtonMail offers the possibility to receive all email sent to a domain I own. How does this option compare to telling Google to redirect the emails to my ProtonMail account?

Do public paths/folder structures mean security risks for a website?

I’m just wondering: do public, visible paths/folder structures mean a security risk for a website? For example, as you can see, our folder structure and file names are clearly visible in our AJAX calls. This code is public because it’s in a JavaScript file.

    $.ajax({
        type: 'POST',
        url: '/controllers/ajax/ajax_front_password_reset.php',
        success: function (response) {
            ...
        }
    });

Is it worth masking/hiding these paths? Can someone do something harmful with this type of information? For example: call the PHP page with false/harmful data or extract source files from this folder? (Front & server side token matching is implemented, but I’m a bit worried.)

What risks are there when you clear your cookies instead of logging off?

A typical web authentication workflow looks like this:

  1. User provides their credentials.
  2. Server validates credentials.
  3. If credentials are valid
    • Server generates a token.
    • Server keeps this token.
    • Server responds to the login with this token.
  4. Browser stores token.
  5. Browser makes requests with token.
  6. Server validates token and responds accordingly.

Normally, this token is stored in a cookie. The presence and validity of the token in a request lets the server know if the client making the request is authenticated. No token, no entry, which is effectively the same as not being logged in. So…

  • Can I just log out by wiping cookies instead of hitting logout?
  • What are the issues of just wiping cookies versus clicking the logout button?
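
The workflow in the question above, as an added example that is not part of the original post: a minimal server-side token store showing what the server still accepts after a cookie wipe compared with an explicit logout. `SessionStore`, `SESSION_TTL` and `demo` are hypothetical names, and the 30-minute lifetime is an assumption.

```python
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed lifetime, not a value from the post


class SessionStore:
    """Hypothetical server-side token store for steps 3-6 of the workflow."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # token -> (user, expiry timestamp)
        self._clock = clock

    def login(self, user):
        # Step 3: generate a token, keep it server-side, hand it to the browser.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._clock() + SESSION_TTL)
        return token

    def validate(self, token):
        # Step 6: accept the request only if the token is known and unexpired.
        user, expires = self._sessions.get(token, (None, 0))
        if self._clock() >= expires:
            self._sessions.pop(token, None)
            return None
        return user

    def logout(self, token):
        # The logout button: the server forgets the token too.
        self._sessions.pop(token, None)


def demo():
    now = [1000.0]  # constructed clock so expiry can be shown without sleeping
    store = SessionStore(clock=lambda: now[0])
    # Cookie wipe: the browser drops its copy, the server is never told.
    jar = {"session": store.login("alice")}
    copy = jar["session"]  # any copy of the token outside the wiped jar
    jar.clear()
    after_wipe = store.validate(copy)  # token still accepted
    # Logout button: the server-side entry is removed as well.
    jar = {"session": store.login("alice")}
    copy = jar["session"]
    store.logout(jar.pop("session"))
    after_logout = store.validate(copy)  # token rejected
    # A wiped-cookie session only ends when the server-side TTL runs out.
    token = store.login("alice")
    now[0] += SESSION_TTL
    after_ttl = store.validate(token)
    return {"after_wipe": after_wipe, "after_logout": after_logout, "after_ttl": after_ttl}
```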

Multi-Boot & BIOS Attack Vector Risks For Bitcoin Wallet Storage

I’m trying to emulate a cold storage computer for crypto assets with a multi-boot computer.

If I have multi-OS boots & the ‘cold storage’ boot is never connected to the internet when it is booted, is it possible for a compromised BIOS to store information when booted to the cold storage OS & then leak it once booted to an OS connected to the internet?

What are the risks associated with using a custom e-mail domain?

A lot of websites and companies have their own e-mail domain, hosted on their own private e-mail server such as name@mydomain.com. I was wondering if the website/company could read your e-mails if you were to use their e-mail domain, particularly if they were managed by only one person.

Recently, a friend of mine came across a forum thread selling a bunch of niche, cool-sounding e-mails such as name@thighs.best or name@dalsha.bet. He bought a few and logs into the e-mails on https://mail.uselessanime.faith. Are there any risks associated with this? Can his e-mails be read?

Risks of removing the stock browser on LineageOS

I would like to get rid of the stock browser (org.lineageos.jelly) on my phone that runs LineageOS. Other threads already go into the details of removing pre-installed apps with/without root but I am wondering if there are any risks of removing the browser in particular? For instance, is the Android System WebView implementation in any way tied to the stock browser? (I’d still want to be able to use apps that use WebView.) More generally, is there anything else I’d affect by removing the stock browser?