this post was submitted on 28 Nov 2023
761 points (100.0% liked)

196

16276 readers
17 users here now

Be sure to follow the rule before you head out.

Rule: You must post before you leave.

^other^ ^rules^

founded 1 year ago
MODERATORS
moss@lemmy.blahaj.zone
greembow@lemmy.blahaj.zone
moss@lemmy.world
queue@beehaw.org
funky_rodent@lemmy.blahaj.zone
PeachyMcPeachface@lemmy.blahaj.zone
threegnomes@lemmy.blahaj.zone
greembow@lemmy.world
remotelove@lemmy.ca
Roflmasterbigpimp@feddit.de
qaz@lemmy.world
A_Very_Big_Fan@lemm.ee
qaz@lemmy.blahaj.zone
qaz@lemmy.ca
A_Very_Big_Fan@lemmy.world
qaz@lemmy.dbzer0.com
Qaz@lemmy.ml
qaz@sh.itjust.works
qaz@lemmy.sdf.org
761
encrulepted (retr0.id)
submitted 10 months ago* (last edited 10 months ago) by masimatutu@nerdica.net to c/196@lemmy.blahaj.zone
43 comments fedilink hide all child comments
 

retr0.id/media/bd23a2fb-c7a6-4…

alt text:

Goose chase meme. In the first frame, the goose asks "all the data is encrypted?" In the second, the goose chases a person, asking "encrypted how and with whose keys, motherfucker?"

@196

you are viewing a single comment's thread
view the rest of the comments
[–] joyjoy@lemm.ee 69 points 10 months ago (3 children)

pictured: Nothing Chats

[–] verdare@beehaw.org 31 points 10 months ago (1 children)

The fact that you have to enter your iCloud credentials directly into the app was a red flag.

Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI. This is why we have tokens and federated login. Third parties should never see your Google/Apple/whatever credentials.

[–] ALostInquirer@lemm.ee 6 points 10 months ago (1 children)

Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI.

By chance, would you (or some other passerby) happen to know how this is handled with the Lemmy apps/interfaces? I've been mixed on using them since I'm unclear how they're handling this info.

[–] verdare@beehaw.org 8 points 10 months ago* (last edited 10 months ago)

Hmmm, that’s a good point. I did type my Lemmy credentials directly into at least two different apps. I guess it would be better if it redirected to a login page provided by my instance (Beehaw). But I also don’t consider my Lemmy account to be very critical. It’s not a huge deal if it gets compromised, as long as it’s not associated with my real identity.

EDIT: Also, I use a password manager, so a leak of my randomly generated Lemmy password shouldn’t affect anything else.

[–] pineapplelover@lemm.ee 19 points 10 months ago (1 children)

Probably also whatsapp chat, imessage, and other proprietary encrypted messaging apps out there.

[–] joyjoy@lemm.ee 23 points 10 months ago (2 children)

Many chat apps actually use the Signal protocol for end to end encryption. This includes WhatsApp, Google Messages (RCS), Facebook Messenger, and Skype. iMessage doesn't seem to use it.

[–] LWD@lemm.ee 16 points 10 months ago* (last edited 9 months ago) (1 children)

deleted

[–] AVincentInSpace@pawb.social 3 points 10 months ago (1 children)

Why is end to end encryption a red flag???

[–] LWD@lemm.ee 15 points 10 months ago* (last edited 9 months ago) (1 children)

deleted

[–] AVincentInSpace@pawb.social 7 points 10 months ago (1 children)

oh, red flag for facebook, that makes sense.

but then if you care about privacy why touch anything Facebook has made at all?

[–] LWD@lemm.ee 6 points 10 months ago* (last edited 9 months ago)

deleted

[–] Lemongrab@lemmy.one 9 points 10 months ago

But we also can't check their process since they are closed source. Also, if they can decrypt in the browser or proprietary app, then they can still read your messages. Browser is vulnerable to other attacks.

[–] isVeryLoud@lemmy.ca 16 points 10 months ago

That's not even Nothing Chats' biggest problem: it's that it gets completely MITM'd by going onto some mac mini in some server farm somewhere.