Is it safe to share your password security plan with others?

The recent epidemic situation has given me enough time to reconsider my password security seriously. I have devised a detailed plan for how to use elements such as a password manager, 2FA, U2F keys, etc. in conjunction with each other to create the optimal security architecture for my personal use (according to my rather limited knowledge of information security).

Now, the plan grew to such an extent that I decided to write it down as a document, so that I remember how certain parts of it work, why they are designed in a particular way, the weak points and so on. Is it safe to show this plan to, e.g. a friend who is also interested in strengthening their security? What about a hypothetical, extreme version – to share it online?

According to the Kerckhoff’s principle, the security of a system should not depend on its secrecy. That’s what I had in mind when designing my plan. I believe that anyone competent enough to try to break my system would also not be obstructed by the lack of knowledge of the design. Its strength relies on secret keys (and some informed use of MFA), also in agreement with the principle. However, I have seen on this site that sometimes users are scolded if they reveal a lot about how they organise their security in a question.

We can easily find how AES or public-key cryptography work in a few moments. That doesn’t prevent them from being widely used and considered safe. Would the same reasoning apply to my personal scheme?

Does FB share button contain trackers?

I am considering putting a Facebook share button (shown below) on my website to encourage people to share content to their FB page.

fb share button

However, I do not want cross site trackers “bloating” my website or tracking users. This is the code I would need to put in the HTML to add the share button to my website.

<iframe src="https://www.facebook.com/plugins/share_button.php?href=https%3A%2F%2Fmywebsite.com&layout=button&size=large&width=77&height=28&appId" width="77" height="28" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowTransparency="true" allow="encrypted-media"></iframe>

Does this code contain trackers?

Is it better to mask an encryption key or share it directly?

Given a system that shares files for client-side decryption where the server does not know the encryption keys (just stores them in an encrypted form), is it – when sharing a file with a non-user – better to either

  • share the file encryption key directly (e.g. client downloads the file-specific encryption key, decrypts it and attaches it to the URL hash of the sharing URL, basically what Firefox Send is doing), or
  • additionally encrypt the file-specific encryption key with a newly generated encryption key, and share this key (client downloads the file-specific encryption key, decrypts it, re-encrypts it with the newly generated key and stores a copy of the result. The client then shares the generated key, with which the downloading client can decrypt the actual file-specific encryption key)

The benefit I see with option two is that the underlying key isn’t immediately exposed in the URL hash – the downloading client first needs to download the actual file key. However, the downloading client will still receive the actual file key, so it’s not necessarily safer and might just add an unnecessary level of abstraction.

What would be the proper way to go here?

How to share information between devices, decrypt it later with private key

I’m developing an app for alert people if they encounter covid-19 positive person. I’m very much concern about user’s privacy. So I need to make a user completely anonymous.

What is want is as follows.

Suppose there are devices A, B, C,

A, B, and C should broadcast the their own UUID via bluetooth When A, B, and C is near to each other A will have B, C UUID’s and B will get A, C’s UUID and vise versa.

Lets suppose A’s find out that A is positive for Covid-19. A will upload its UUID to a central server B and C also checks for UUID’s with the server. When B, C gets UUID list of infected person’s apps B, C will check if they match any of UUID downloaded from the server against locally saved UUID.

But in my case I don’t want the server to find out UUID of A. But somehow I need to send A’s UUID to other devices as well. Whats will be the best approach.

My Solution.

All the devices will generate public, private key pairs of their own. Each app will encrypt their UUID with the public key they have generated and broadcast to the other devices encrypted UUID + public key.

Once particular user find him positive for covid-19 he will upload his private key to the server. All the apps will download all the private keys from all the covid positive devices. and check if app’s themselves can decrypt their messages with the private key’s they have.

Will this be possible ? or what will be the best approach.

Its stupid to disclose the private key. And also it will be chaos to find appropriate public key which matches with the private key also.. But yet this was the only thing that I could think of.

Share segments to all collaborators in views from all properties

I have 20+ properties and I need to share the same set of 10+ segments to all the properties in a way any collaborator can see it in any view from any property.

From the “Segment availability”:

enter image description here

I know that I can see the same segment in any view (1st option), but can’t the collaborators won’t see it. It is also possible to make it available for all Collaborators in “this” View (3rd option), but it won’t accessible in other views.

It seems to me it is missing a 4th option “Collaborators and I can apply Segment in any View”. As far as I can see, the only way to achieve it is to copy the segments via “asset sharing” in each view and make it available for all collaborators one by one, which is a tedious task and bad for future changes.

Is there any other way to share multiple segments to all collaborators in multiple/all views?

How to create a floating social share without JS script in WordPress

I have created a social sharing button for my WordPress site with the help of some online tutorial and it works great. The sharing button perfectly appeared at the bottom of every post. Now I wanted a vertical and fixed floating social share bar for every post. How do I edit this code? so that the sharing button appears vertically on the side of each post. FYI WordPress is Genesis.

function gossip_social_sharing_buttons($  content) { global $  post; if(is_single() || is_home()){      // Get current page URL      $  gossipURL = urlencode(get_permalink());      // Get current page title     $  gossipTitle = htmlspecialchars(urlencode(html_entity_decode(get_the_title(), ENT_COMPAT, 'UTF-8')), ENT_COMPAT, 'UTF-8');     // $  gossipTitle = str_replace( ' ', '%20', get_the_title());      // Get Post Thumbnail for pinterest     $  gossipThumbnail = wp_get_attachment_image_src( get_post_thumbnail_id( $  post->ID ), 'full' );      // Construct sharing URL without using any script     $  twitterURL = 'https://twitter.com/intent/tweet?text='.$  gossipTitle.'&amp;url='.$  gossipURL.'&amp;via=ShoppersGossip';     $  facebookURL = 'https://www.facebook.com/sharer/sharer.php?u='.$  gossipURL;     $  pinterestURL = 'https://pinterest.com/pin/create/button/?url='.$  gossipURL.'&amp;media='.$  gossipThumbnail[0].'&amp;description='.$  gossipTitle;       // Add sharing button at the end of page/post content     $  content .= '<div class="gossip-social">';     $  content .= '<a class="gossip-link gossip-twitter" href="'. $  twitterURL .'" target="_blank" rel="noopener noreferrer nofollow">Twitter</a>';     $  content .= '<a class="gossip-link gossip-facebook" href="'.$  facebookURL.'" target="_blank" rel="noopener noreferrer nofollow">Facebook</a>';     $  content .= '<a class="gossip-link gossip-pinterest" href="'.$  pinterestURL.'" data-pin-custom="true" target="_blank" rel="noopener noreferrer nofollow">Pinterest</a>';     $  content .= '</div>';       return $  content; }else{     // if not a post/page then don't include sharing button     return $  content; }}; add_filter( 'the_content', 'gossip_social_sharing_buttons'); 

CSS

.gossip-link { padding: 6px 14px!important; color: #fff!important; font-size: 14px; border-radius: 3px!important; border-bottom: none!important; margin-right: 6px; cursor: pointer; margin-top: 2px; display: inline-block; text-decoration: none; font-weight: 700; }  .gossip-social { margin: 20px 0 40px; font-size: 14px; }  .gossip-link:hover { color: #fff; }  .gossip-twitter { background: #00aced; }  .gossip-twitter:hover { background: #0397d4; }  .gossip-facebook { background: #3B5997; }  .gossip-facebook:hover { background: #2d4372; }  .gossip-pinterest { background: #bd081c; }  .gossip-pinterest:hover { background: #9e0616; } 

Can anybody help, please?

Customize default Prompt options (camera to share) when I trigger camera in Firefox with code development

I am having 2 cameras in my PC. When I try to trigger camera in firefox it always opens a permission prompt box with a webcam options. But I don’t want to show the camera options in the prompt box. So Is there any customizable thingy to customize the Prompt box for firefox by updated any javascript changes (I am a developer. So want to fix it by code updation itself for my web application) Anyone please help me resolve this problem ?

How would learning Share Energy unbalance GURPS Dungeon Fantasy/DFRPG?

So, Dungeon Fantasy/DFRPG doesn’t offer Share Energy. To any character. It’s a Healing College spell, and those (barring Lend Energy and Recover Energy) are the exclusive domain of Clerics — but it’s not on the Cleric spell list in DF:1.

Share Energy can only share up to 5 FP, for a single second, at the cost to the caster of twice the amount actually used by the target — it’s useless for enchantment (which isn’t available to PCs anyway, and Q&D was deleted for the DFRPG complete game release; even NPC’s can’t make a simple magic arrow in a day). It’s specifically blocked for Ceremonial spells, where the energy is used gradually, or for Slow & Sure enchantment (same).

The only uses I can see for it in the DF environment are allowing one or more casters to work together for immediate casting of higher-cost spells — large Area spells, for instance, especially the ones with a base cost of 3 or higher.

What am I missing? How would it break the game (specifically DFRPG) to let two characters (at least one a Cleric) cooperate to cast a high cost spell only one of them knows?

Why is Share Energy left off the GURPS:DFRPG Cleric spell list?

I’m playing in a play-by-post Dungeon Fantasy/DFRPG (“Powered by GURPS”, based on 4th Ed.) game, and just built a healer who comes with an Ally, who is also a healer. DFRPG limits the entire Healing college, aside from Lend Energy and Recover Energy, to Cleric class characters only — and left Share Energy off the Cleric list (at least the one I have access to, in DF:1).

My character build has shown me there is at least one spell that is on the list, at a low Power Investiture level, that a single individual effectively can’t cast at a low point total without being a “one-trick pony” — giving up a lot of the template abilities just to empower that one spell. That spell is Final Rest, with a fatigue cost of 20.

A low point total character (say, a 187 point Ally) would be unable to cast this spell without drawing a number of hit points (in my case, with a shaved down Cleric template, I’d have to use 7 HP). The skill penalty of -1 per HP used to power a spell means this reduced-point character would be casting at effective skill 6 — not a recipe for success.

I know I can have a Power Item, but starting characters would have to spend points on Wealth (no spare points in the template) to be able to afford one large enough to avoid drawing on HP. Alternatively, I could cast as Ceremonial Magic, but that requires Skill 15 and either one or more partners with the same or higher skill (requiring duplication between the two healers), or a congregation who can contribute 1-3 FP each, depending on their abilities — and that’s a bit of a problem to travel potentially weeks from home base with.

My GM has suggested using paut (a potion found in DF:1), but as I read it, that only replaces spent fatigue, rather than letting the user store up FP prior to a casting.

Now, as things stand, I have a way to make the spell possible, by using a small Power Item to limit the number of HP required to cast when fully rested — and I’ll probably wind up going that way for this game — but I wanted to check if there was any statement from the game designers concerning why Share Energy was left off the lists?

My GM suggested it was mainly used in enchantment, but the limit of 5 FP, and the DF/DFRPG bar against wizards using Healing college, plus the complete deletion of Enchantment college for PCs make that argument a non-starter. In fact, as far as I can see, the most likely explanation is that it’s really only needed for this one spell, was either left off as an oversight, or it was preferred to force Clerics into ceremonial casting, large Power Reserve, or large Power Items — but I’d like to be sure.