I really want to respond to the dead comment under this.
Setting a duress password is not tedious.
AFAIK the justification for them to say "don't rely on adblockers for security/privacy" is that you can be more easily fingerprinted and those adblock lists are a moving target, vs. having better sandbox capabilities in the browser.
The rest is conjecture I don't have the motivation to debate at the moment.
As for the rest of the article... just get a second phone if this is a major concern, or wipe the phone and have it be perfectly clean when you go through customs. The only thing you need to remember is the password + a single TOTP backup code (write that one down maybe) to restore your cloud password safe (which you should have) then you can get access to all your other data from there.
More easily fingerprinted by which blocked script or request?
(Personally I prefer a whitelist on these.)
If they rely on phoning home, such as a comparison of requests on different access, that's some top-notch log analysis. Expensive too, compared to just running JS.
Because I don't check every user's profile before responding.
I made an assumption based on class size. The person I was replying to stated 180-200 students. So the assumption was that they were meaning a lecture hall of 180-200 students, which is typical for a college course. That is not typical for a high school course, in which case, I'm going to go out on a limb again and say that it's 180-200 students over 5-6 ~30 student periods.
Wiz is closer to the CNAPP field instead of the software composition analysis tools you mention; Snyk would fit here for SCA.
Sysdig, Palo Alto's Prisma Cloud, or a few others compete with Wiz's CNAPP offering. Wiz also strays into some SCA and SCA-alike tooling for containers, code or XDR with their CDR/XDR products log ingest and agents available for response/quarantine.
Yes folks do and I can't understand it either. Have asked / talked through their rationale but frankly humans are irrational is my clear takeaway. I experience it mostly when folks are prompting search in family settings. These usually overlap with the no-earbuds watch-videos crowd while others are reading / napping, etc.
Bitwarden for usability. Vaultwarden if you can and prefer to self host. Being on the internet you'll have to trust someone at some point. Can reduce risk by combining strong 2FA (not SMS/Email) alongside backing up your vault.
Ensure all your passwords get reset at some point after vaulting, long randomly generated from Bitwarden extension/app is easy enough. Ensure you enable strong 2FA at each service you have an account at too.
Based on this it sounds like you exposed your resource and advertised it for others. Reverse DNS, get IP, scan IP.
Probably simpler: you exposed a resource on IPv4 publicly; if it exists, it'll be scanned. There's probably 100s of companies scanning entire 0.0.0.0/0 space at all times.
> Our future plans include letting you save a secure backup archive to the location of your choosing