Don’t forget to try their other games if you haven’t already! It Takes Two is wonderful, and the recently released Split Fiction is my favorite of them all.

I see Tales of Symphonia, I instantly upvote.

HTTPS with no VPN:

You trust the web site to encrypt your data if and only if the web site has properly implemented encryption along with encrypted DNS traffic. Sometimes you make a connection to HTTP before you’re redirected to HTTPS. Your ISP can see what web sites you visit, but the ISP can’t see what you’re doing because the traffic is encrypted so long as encryption is implemented correctly. ISP knows you went to https://www.website.com/.

Conclusion: Your ISP knows exactly what web sites you visit, but can’t see what you’re doing on the web site (if encryption is properly configured by the web site provider).

HTTP or HTTPS with trusted VPN (e.g., Mullvad):

You trust the VPN provider. Your connections are encrypted entirely. Your ISP can’t see what web sites you’re visiting nor can they interpret your traffic.

Conclusion: Your ISP is completely blind to what you’re doing and where you’re going.

ExpressVPN:

"HTTPS is essential for security, but it can only do so much. Don’t fall into a false sense of security—there are limitations to HTTPS protection:

• HTTPS doesn’t hide what websites you visit. Your ISP or network provider can still see which sites you access, even if they can’t view what you do on them.
• HTTPS won’t protect data stored on a website. If a site suffers a data breach, HTTPS won’t prevent hackers from accessing your saved information.
• HTTPS cannot encrypt all your internet traffic. It only secures connections between your browser and a site—not your entire internet activity.
• You have no control over HTTPS. The protocol is set by website owners, so if you visit a website without HTTPS protection, there is no way for you to enable it." Source: https://www.expressvpn.com/blog/https-vs-vpn/

PureVPN:

"HTTPS:

• Encrypts data between your browser and websites.
• Protects against eavesdropping on web transactions.
• Activated automatically with ‘https://’ VPN:
• Encrypts and routes all internet traffic, including from apps.
• Protects the entire internet connection. A VPN is used to establish an encrypted connection - also referred to as tunnel - between your device and unsecure network like the Internet. Since all your traffic goes through the VPN’s server rather than that of your ISP, nobody can find out what you’re up to online. What HTTPS Cannot Do?
• Hide Your IP Address: HTTPS doesn’t mask your IP address. Websites and your ISP can still see your IP and location, whereas a VPN hides your IP, making your online presence more anonymous.
• Encrypt All Internet Traffic: HTTPS only secures data between your browser and websites. A VPN encrypts all your internet traffic, including apps and services outside your browser.
• Prevent ISP Tracking: Your ISP can still see which sites you visit with HTTPS, they just can’t see the exact content. A VPN encrypts all your traffic, preventing ISPs from tracking your web activities. https://www.purevpn.com/blog/https-vs-vpn/

Here are more sources I won’t quote, but you can read:

• https://www.zdnet.com/article/reader-question-answered-if-i-have-https-do-i-need-a-vpn/
• https://nordvpn.com/blog/https-vs-vpn/
• Mullvad. This is more advanced as the article is targeted to technical users. However, it explains how they handle encrypted DNS in their services: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls

Great input and you’re absolutely correct. Very important to safeguard backups.

Use of a VPN depends on your privacy threat model.

Using VPN at all times while using the internet like one normally does is beneficial only to the extent that you encrypt your traffic and prevent your ISP from spying on you… mostly. But if you’re logging into known accounts associated with you, then it’s a moot point. Your traffic is encrypted, but your use of services leaves an easy to follow cookie trail of where you’ve been.

If your privacy threat model is much more serious, then you wouldn’t login to any known accounts while on your VPN. You wouldn’t use services that can be pinpointed to you.

Hence, use a VPN to your discretion. If you generally don’t want your ISP spying on you, keeping it on is always best practice. If you have more things to hide, you’d want to use Tor while on VPN and of course don’t use any services that could be linked to you.

Nothing much you can do except make it harder for nefarious parties to get your information. If you’re in the U.S. most of your information is public. With two pieces of info about you, you’re one Google search away from your name, physical address, schools you went to, where you’re employed, etc. You can’t stop this, so just make it harder when your data does get leaked.

Here are my best practices:

• Own my email domain name and use it for generating unlimited random aliases.
• Update old accounts using a random alias.
• Generate random usernames using a proper username generator. Unique username per account.
• If an old account email can’t be updated, changed, or deleted, spoil the information in their system by using fake info and then abandon the account (Anon O’Moose, 1234 Fake Street, Beverly Hills, CA 90210).
• One email alias per account - never shared.
• Unique passwords via a password manager (e.g., passwords like ‘Obtuse4-Entangle-Matrix’).
• Enable TOTP multi-factor authentication wherever possible.
• For legacy security questions, always use a passphrase generator for the answer, and save both the question and answer into your password manager. “In what city did you go to school?”Answer: “Bandit4-Topic-Guardian”.
• Save recovery codes for your accounts into your password manager.
• Leverage virtual credit card numbers if your provider offers it. One virtual card per account - never shared.
• Create accounts only if you have no choice.
• Submit your formal request in Opt Out Prescreen to minimise the sale of your info.
• Delete all centralised social media accounts. Instruct people to text or call you.
• Switch to Linux completely if you can. Get off Windows and Mac where possible.
• Get off iOS if you can and try to run a proper trusted degoogled OS where possible. You can experiment with Linux phones in the future, but right now it’s not mature enough yet nor is it as secure as something like Graphene OS on Pixel phones.
• Get all your data on prem only. If you choose to backup some data for safeguarding online, encrypt it before you upload it.
• If your phone number has been leaked and you’re getting multi factor code requests, excessive spam, etc. consider setting up a new phone line with new number. Then update all your accounts, employer, government records, etc. to point to the new phone number. Let your contacts know. Once satisfied, deactivate your old phone number.
• Minimise posting any personal details about yourself online. Never identify physical locations. Make up fake details about yourself, your employment, etc. Make yourself a little more anonymous by providing fake information. One day you have a pet, another day you’ve never had pets, one day you’re divorced, another day you’re 18 years old, etc. Strive to be consistently inconsistent with the data you post about yourself online. Lots of things I’ve said on Lemmy about myself are untrue, while some things are true. It’s important to not reveal personal identifiers as it is trivial for a determined actor to correlate data and pinpoint who you are.
• Never, ever have any usernames, passwords, email addresses, or security questions that have any meaningful information related to you. ALWAYS use random generators. There is only one password you need to remember, and that is the one password to your password manager. Write it down on paper using pencil (graphite lasts longer than ink) and stick it in a safe.
• Use a VPN properly and with discretion, based on your privacy threat model.

The video game was a delight! I’m hungry for more games from them after my spouse and I played their whole portfolio.

Curious how a movie adaptation will turn out.

Archived article: https://archive.is/rDbgD

In the age of information take-downs by the Fanta Menace’s Nazi regime, make sure to archive this and mirror it to Peertube and Archive.org.

YouTube link (for now, it will probably disappear in the next 48 hours): https://www.youtube.com/watch?v=jDJaymU2hfw

You can also find this on Archive.org. I won’t put the link here to help protect it from takedowns. If you have the capacity to do so, seed the torrent. Don’t let the world forget of this hilarious clown-show.

And remember - you probably feel empathy witnessing someone get bullied like this. But don’t forget what this James Bond villain is responsible for, the havoc he has caused, and the millions of lives he has disrupted. Harden your heart because these facists will NEVER change. Cyberdump man-baby emerald mine fascist Nazi jumping Tesla man deserves to get cyberbullied, and at points in the video he looks like he is going to cry; those are Crocodile Tears. He’ll hide the pain with his hundreds of billions of dollars, memes, and ketamine while sitting in his ivory tower resting his feet on Trump’s back.

Fair game to snatch the visually impaired boy’s glasses!

Accio doesn’t work on the Deathly Hallows or Horcruxes, so that would not have summoned the Cloak of Invisibility.

Already upgraded to Linux Mint - https://lemmy.world/post/24365609

It’s been going great! Everything works as I expected. I now have full confidence that I will never switch back to Windows. It really does feel liberating having an OS that doesn’t track me.

Hopefully we’ll get the true version of Tales of Symphonia! The proper 60 FPS GameCube version, and not the crappy 30 FPS ports with missing lines of dialogue.

Great questions! Seriously, those made me think for sure.

For question one, I suppose a profiler could do that. If my domain name is myemaildomain.com, they probably could track all emails and sell it collectively. But I don’t think corporations do that at this time. That would be akin to profiling all Hotmail, Gmail, Live, etc emails, appreciating those are massive services. I suppose if nefarious actors were to do that to my domain, I could consider switching domains - I have multiple domain names I own, and it’d be trivial to use the other ones. In the years I’ve been using a custom domain for email, I haven’t encountered any nefarious actors and have significantly eliminated any spam.

For question two, the domain provider I use doesn’t do that in their terms of service. However, if they did look at my MX records and decided they wanted to profile me as a user of Addy, they definitely could do that. Though it would hurt their business as many users would migrate their domains to new registrars - I certainly would move my domains to a new registrar!

When you get an email from Company A that sends to your alias email, the email goes to your inbox. When you reply to that email, your alias provider forwards it to Company A where the sender is your alias address.

In short, you simply reply and your alias service takes care of it for you so that the recipient only sees your alias email and not your true email.

I signed up with them ensuring I read their privacy policy. Based on my personal privacy threat model, I’m okay with their policy. This wouldn’t fit a more intensive threat model.

I haven’t read it recently but last I remember they do have the option to temporarily store an email in the event of a failed delivery, until it can eventually get sent to you. This is opt-in I believe, and a toggle you can enable in your account.

In the time I’ve used them I haven’t had any issues with email deliveries. Been happy with the service so far, having left SimpleLogin and Proton for political reasons.

This is what I do as well. I purchased my own custom domain name and run aliases off it using Addy. So as an example, an email for an online account would look like: random9.words@mycustomemail.com

Then I feed these accounts into a password manager so I don’t have to remember them.

All the aliases forward mail directly to my main inbox. Companies never see what my real address is. If I get spam, I know which company either sold my data or leaked my data. I can then take action by simply turning off that email alias and then spinning up a new one.

The best thing about owning your custom domain is that you’re in control and never have to change your email addresses. If I want to move to a new email provider, I can easily do that. The process, simplified:

• Buy a domain name
• Sign up for an email account at Tuta, Mailbox, etc.
• Set up your custom domain at that provider.
• Go to your Domain provider and update your MX records so that it syncs with the email provider.
• if you want to switch email providers, get a new one and then update your MX records to point to the new provider.
• If you updated your records to point to the new provider, you’re done. It’s that simple. You won’t miss an email.

Edit: All providers make it very simple to set up a custom domain. If you can follow instructions and copy and paste text, their systems will run checks to make sure you did it correctly and it’s syncing properly. Very easy for those who aren’t technical.

“You know, when I think about it… I guess there’s some good things this tyrant did. He’s still a tyrant, but there are some good things he took credit for that he did.”

Not necessarily. If you can find on Bandcamp, it’s probably best to buy from there since I heard more money goes to the artists. I buy from wherever I can find the music, and thus I’ll cycle between Bandcamp or HDTracks if I can’t find it on Qobuz.

Separately I dislike how Bandcamp embeds their name in the metadata of the tracks you buy, but it’s trivial to remove it. Just rubs me the wrong way, so most of the times if songs are on Qobuz I buy it there since they don’t do that.

MAGA:

• Vandalise Tesla. ✋ Terrorist
• Vandalise the U.S. Capitol. 👌 Patriot