Hi everyone.
I will show you a small tutorial about how to use JunoWallet to win money doing simple, very simple tasks.
What is JunoWallet? It is an aplication for iphone or android that gives you money and you can exchange for gift cards for itunes, PSN, or Microsoft points for XBOX...lets to the tutorial
1. download JunoWallet from your google Play
https://play.google.com/store/search?q=junowallet&c=apps
Once installed, open the app. You can access using a facebook account or create a JunoWallet account. After create or access using facebook it wil be prompted to you for some user code that invited you, put my code XX962830 to win a little more money, $0.25
On the first menu, Rewards per invite, you can add friends to join you. You can send them invite by email or your phone or connect with facebook or twitter.
On the "rewards per install" menu and you will find the apps. The most part of the money came from here. But how? Simple: Download it by clicking on it, install, open the app and close it, thats all, and junowallet will give you from $0.16 to $0.50, depends from the sponsor of the app.
click back...and now click on "rewards per fan". This menu will take you to use a simple button: Like. Yes the like button, use the like button on facebook on the links that the app shows to you and you will receive $0.25.
Go back and click on "Rewards per SponsorPay" menu. Complete the task and you recieve some token by app, each app can give you some tokens 1 token = 0.01 junowallet credit, wich means $0.01.
Go back, click on "rewards per W3i its basicaly the same as rewards per sponsorpay, download the app, install, OPEN, close it and wind the tokens.
Going back, the menu "Go Shop Using JunoCredits", takes you to shop cards
When you buy a card from the shop, it will be blocked for 24hours for some security reasons that I dont know. After the 24h you can use your card.
WARNING: some people say use my code and u get more as 0.25$. This is fake don´t believe that.
Dont forget to and use my code please XD XX962830
Thanks
sorry guys for bad English
Hi everyone.
I will show you a small tutorial about how to use JunoWallet to win money doing simple, very simple tasks.
What is JunoWallet? It is an aplication for iphone or android that gives you money and you can exchange for gift cards for itunes, PSN, or Microsoft points for XBOX...lets to the tutorial
1. download JunoWallet from your google Play
https://play.google.com/store/search?q=junowallet&c=apps
Once installed, open the app. You can access using a facebook account or create a JunoWallet account. After create or access using facebook it wil be prompted to you for some user code that invited you, put my code XX962830 to win a little more money, $0.25
On the first menu, Rewards per invite, you can add friends to join you. You can send them invite by email or your phone or connect with facebook or twitter.
On the "rewards per install" menu and you will find the apps. The most part of the money came from here. But how? Simple: Download it by clicking on it, install, open the app and close it, thats all, and junowallet will give you from $0.16 to $0.50, depends from the sponsor of the app.
click back...and now click on "rewards per fan". This menu will take you to use a simple button: Like. Yes the like button, use the like button on facebook on the links that the app shows to you and you will receive $0.25.
Go back and click on "Rewards per SponsorPay" menu. Complete the task and you recieve some token by app, each app can give you some tokens 1 token = 0.01 junowallet credit, wich means $0.01.
Go back, click on "rewards per W3i its basicaly the same as rewards per sponsorpay, download the app, install, OPEN, close it and wind the tokens.
Going back, the menu "Go Shop Using JunoCredits", takes you to shop cards
When you buy a card from the shop, it will be blocked for 24hours for some security reasons that I dont know. After the 24h you can use your card.
WARNING: some people say use my code and u get more as 0.25$. This is fake don´t believe that.
Dont forget to and use my code please XD XX962830
Thanks
sorry guys for bad English
Worried what will happen to your mails after you die Google has a solution :laugh:
Google has found a way by launching inactive account manager page that can be used as a "Digital Will". Google is asking people what they want to happen to their digital photos, documents and other virtual belongings after they die or become incapacitated.
An "Inactive Account Manager" can be used to pass information on all websites of google like Google Drive, Gmail, YouTube, or social network Google+ to a particular person after a long inactivity (or after death ). You can even set it to delete all data.
In account settings page, Google gives people the option of sharing their data with a trusted friend or family member, or having their account deleted. It even lets people specify how long to wait before taking action and sends a notification before the
"timeout" periods are ended. (but if you see that mail then i think they will not delete the account and then you have to wait for another long time for it to be deleted )
Finally, Google gives users the option to effectively "burn" their account, wiping all materials from all Google properties - including public Youtube videos, Google+ profiles and Google Voice extensions.
Users can choose 3, 6, 9, or 12 months as the timeout period and Google will send a notification to the secondary email address one month before the period is set to expire.
If that time passes, any trusted contacts will receive a personal email explaining that said individual had left them the data, including instructions on how to download it.
It is a good way to dispose off your email with too many spam's but the minimum time limit is 3 months so happy waiting.
Source:click here
Besides the issues SplashData has with their SplashID v7 android upgrade losing many customers data, there is also a very worrying security issue which splashdata ignores = and actively censors, my messages regarding this on their FB page have been deleted and I am blocked from commenting our writing there)
Here is the issue:
The new SplashID version 7 had a cloud sync feature (30 day free trial, then for a fee). When first starting the upgraded version (which may have been installed automatically on Android if one allows auto upgrades!), one first has to again enter one's email address/username, and then the password (which is the one used to encrypt one's database containing all one's private, sensitive data!). Then the upgrade asks whether one wants to try the cloud sync feature.
Even if one declines and opts to stay with the existing Wi-Fi sync feature only(which does not need a cloud account), the upgrade goes ahead and automatically creates such a cloud account on splashdata's servers.*and it uses the same password* for this. (In fact as further part of the upgrade procedure one needs to log into those cloud servers using that password after receiving an activation link in email.
So, splashdata leaks the master password which one uses to secure one's most private data (credit card pins, login password etc) into their cloud, without telling that this will be fine, not asking permission.
There is no info whether the password is stored securely (doubt it), whether it is in ask cases transmitted securely (doubt that too) and anyhow, once this has happened one had lost control over that most important password. It's burnt.in the wild, out of one's own control
Note that changing the password on one's own copy of SplashID us a good idea after that, but any old copy of one's encrypted database that might still live on any old disk backup, cloud service (dropbox etc) or SD card somewhere, us now vulnerable.
And because splashdata in their 'wisdom' associated one's email address (and thus identity) with that password, it's easier for hackers to fund it.better companies than splashdata have lost password in the past.
It is even a very bad idea to user the same password for s cloud service as one uses for securing one's private data. Forcing this into users without permission or warning is almost criminal.
Sent from my GT-N7000 using Tapatalk 2
sejtam said:
Besides the issues SplashData has with their SplashID v7 android upgrade losing many customers data, there is also a very worrying security issue which splashdata ignores = and actively censors, my messages regarding this on their FB page have been deleted and I am blocked from commenting our writing there)
Here is the issue:
The new SplashID version 7 had a cloud sync feature (30 day free trial, then for a fee). When first starting the upgraded version (which may have been installed automatically on Android if one allows auto upgrades!), one first has to again enter one's email address/username, and then the password (which is the one used to encrypt one's database containing all one's private, sensitive data!). Then the upgrade asks whether one wants to try the cloud sync feature.
Even if one declines and opts to stay with the existing Wi-Fi sync feature only(which does not need a cloud account), the upgrade goes ahead and automatically creates such a cloud account on splashdata's servers.*and it uses the same password* for this. (In fact as further part of the upgrade procedure one needs to log into those cloud servers using that password after receiving an activation link in email.
So, splashdata leaks the master password which one uses to secure one's most private data (credit card pins, login password etc) into their cloud, without telling that this will be fine, not asking permission.
There is no info whether the password is stored securely (doubt it), whether it is in ask cases transmitted securely (doubt that too) and anyhow, once this has happened one had lost control over that most important password. It's burnt.in the wild, out of one's own control
Note that changing the password on one's own copy of SplashID us a good idea after that, but any old copy of one's encrypted database that might still live on any old disk backup, cloud service (dropbox etc) or SD card somewhere, us now vulnerable.
And because splashdata in their 'wisdom' associated one's email address (and thus identity) with that password, it's easier for hackers to fund it.better companies than splashdata have lost password in the past.
It is even a very bad idea to user the same password for s cloud service as one uses for securing one's private data. Forcing this into users without permission or warning is almost criminal.
Sent from my GT-N7000 using Tapatalk 2
Click to expand...
Click to collapse
Ouch, that sounds a bad idea. If the user doesn't want a remote account made, they should respect that. Can you give me any more details about this, I would like to contact them and request some proper response to this. While they might not be leaking the plaintext password, anything that can be "opened" with your password is a significant enough leak, as it would allow an attacker to verify they have the right password.
pulser_g2 said:
Ouch, that sounds a bad idea. If the user doesn't want a remote account made, they should respect that. Can you give me any more details about this, I would like to contact them and request some proper response to this. While they might not be leaking the plaintext password, anything that can be "opened" with your password is a significant enough leak, as it would allow an attacker to verify they have the right password.
Click to expand...
Click to collapse
Not much more that I already said. I am a long-time user of their SplashID (Mac) Desktop and Android app to store all my credit card, bank acount and yes, many systems passwords in.
The database they use is encrypted with a 'master password' which one has to enter on ones' Android (or iPhone, etc) or Desktop everytime to
unlock and decrypt (in memory), so that one access the data.
The same password is used on both the mobile and desktop of course.
A few days ago, an upgrade to SplashID v7 was made available on the Google Play store. I don't allow 'automatic' updates (though I am sure a lot of folks do!), but this time I also did not really check what the upgrade offered, and clicked 'UPDGRADE ALL' when it was offered along with a nunber of other upgrades. So it got installed.
When i subsequently opened SplashID again, it told me about all the shiny new features (cloud sync etc) and as normal asked me for my password (it also asked for my email address. I though that this was for them to check my purchase/license ans what features woudl be enabled)..
I thought that it would then show me my data. But wrong. Instead it offered me a selection whether I want to use the new 'cloud sync' feature (30 day free trial, later for $$), or stay with the normal 'wifi sync'.
I opeted for the latter (because I don't trust having my data sent to the cloud).
Anyway, the next thing I get is a message: (paraphrasing) "we have created your cloud account, you will get an email and will have to verify your email). Sure enough, I get an email:
Thank you for signing up for SplashID Safe Personal Edition!
To activate your account, please verify your email address by clicking the link below: Verify Email
Then check your email for our SplashID Safe Welcome message.{/QUOTE]
The link goes to: https://www.splashid.com/personal/webclient/login.php
I had to again ther enter my email address, and *the same password* that I entered before (which I thought would be for my private data-store).
Yes, that same password was used to create my account on their cloud server, even though I opted for the Wifi Sync *only* and never
asked for a cloud-sync.
Nor did the app tell me that the same password would be used to secure that aco****.
The issues with this are self-evident:
a) my most secure password, the one used to secure my data on my mobile and on my desktop is now 'leaked' to their cloud account
b) I have *no* idea how secuerly that password was transferred (in clear, encrypted, just a hash), nor how securely it is stored
c) it clearly is linked to my cloud-account on their website, so
- someone somehow learning that password could 'verify' it by accessing that account
- if someone hacked their system and accessed their database, that link would be apparent to them
d) I have nost *all control* over securing that password myself. It is 'burnt', 'in the wild'
e) Any pass backups of my secure SplashID database that may live on SD cards of mine, on backup disks, which may have
been copied to the cloud (dropbox, others) are now vulnerable. It is no use for me to change this password here now, as
old copies that may still exist somewhere are still encrypted with this password (and I cannot change them back).
Yes, I am trying to limit exposure for that password data file as much as possible, but eg Titatium Backup may have at some point in teh past backed it up and copied a backup to the cloud (yes, that is also encrypted, but once that featire failed).
More that that, of course users who are not as security conscious may have opeted for 'could sync'.
While I have not tried this feature myself, it sounds to me like thsi does copy the teh data to SplashID's cloud and
there secures it too only with that one single password.
So many users wh may not have thought all this out may have opted for the 'CloudSync' trial, and not only have their
password 'leaked'/'burnt' now, but also have all their data in the cloud, again secured only with a password that is no longer in their sole possession.
In fact, any secure, trustworthy system would have
a) been *very* upfront about what they are going to do with the password and the cloud account
b) used a separate password to secure the cloud account
c) only stored my encrypted copy of the database in their cloud, without *them* having the password for it
d) done any syncing on the client (ie, transfer the complerte encrypted password to the mobile or desktop where the comparisonupdates would happen) and then copied back again a secured file, that was encrypted on the mobile).
Click to expand...
Click to collapse
More discussion on SplashID's own site: http://forum.splashdata.com/showthr...ically-send-in-background-to-splash-id-server
With the Google changes after May 30th, 2022 of requiring OAuth2 or 2FA/2SV/MFA/MSV authentication to log into the google mail servers using a third-party mail client but with OAuth2 requiring monetary hurdles for free app developers, what that means is we may need to consider some form of 2FA/2SV/MFA/MSV if we don't want to use OAuth2 (or, in my case, where I can't use it because it creates a google account on the phone in most implementations).
I believe that 2FA/2SV/MFA/MSV can be a variety of "different things" but I'm almost completely unfamiliar with what those multiple "else" things might be.
Can someone help us flesh out _what_ those multiple MFA things might be?
Here's a list I came up with searching about where I ask others to help flesh it out so that we each have a list of what our choices might be.
1. OAuth2 (usually using an on-device Google Account), or
2. Autoforward Google mail to a non-Google account, or,
3. 2FA/2SV/MSV/MFA via a variety of authenticators, such as...
a. app passwords
<https://support.google.com/mail/answer/185833>
b. Some kind of "2FA/2SV/MSV/MFA authenticator" app
<https://support.google.com/accounts/answer/1066447>
such as...
FreeOTP Authenticator
<https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp>
Google Authenticator
<https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator>
Authy
<https://play.google.com/store/apps/details?id=com.authy.authy>
FreeOTP+
<https://play.google.com/store/apps/details?id=org.liberty.android.freeotpplus>
etc.
c. USB tokens
d. Time-based one-time passwords (TOTP)
e. SMS 2FA
f. Use the phone's built-in security key
<https://support.google.com/accounts/answer/9289445>
g. Use a physical "security key"
<https://support.google.com/accounts/answer/6103523>
h. Get a one-time security code from another device
<https://support.google.com/accounts/answer/2917834>
i. Enter one of your 8-digit backup codes
<https://support.google.com/accounts/answer/1187538>
j. Sign in using QR codes
<https://support.google.com/accounts/answer/9283368>
k. Set up a "trusted computer" for sign in
<https://support.google.com/accounts/answer/2544838>
l. Sign in with "google prompts"
<https://support.google.com/accounts/answer/7026266>
m. Any others?
I realize some of these may be duplicates and others may not apply so that's why I ask others to help flesh out for everyone what exactly are the 2FA/2SV/MFA/MSV options available after May 30th 2022 for third-party MUAs to employ.