retr0.id/media/bd23a2fb-c7a6-4…

alt text:

Goose chase meme. In the first frame, the goose asks “all the data is encrypted?” In the second, the goose chases a person, asking “encrypted how and with whose keys, motherfucker?”

@196

    • verdare [he/him]@beehaw.org
      link
      fedilink
      arrow-up
      31
      ·
      1 year ago

      The fact that you have to enter your iCloud credentials directly into the app was a red flag.

      Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI. This is why we have tokens and federated login. Third parties should never see your Google/Apple/whatever credentials.

      • ALostInquirer@lemm.ee
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI.

        By chance, would you (or some other passerby) happen to know how this is handled with the Lemmy apps/interfaces? I’ve been mixed on using them since I’m unclear how they’re handling this info.

        • verdare [he/him]@beehaw.org
          link
          fedilink
          arrow-up
          8
          ·
          edit-2
          1 year ago

          Hmmm, that’s a good point. I did type my Lemmy credentials directly into at least two different apps. I guess it would be better if it redirected to a login page provided by my instance (Beehaw). But I also don’t consider my Lemmy account to be very critical. It’s not a huge deal if it gets compromised, as long as it’s not associated with my real identity.

          EDIT: Also, I use a password manager, so a leak of my randomly generated Lemmy password shouldn’t affect anything else.

      • unalivejoy@lemm.ee
        link
        fedilink
        English
        arrow-up
        23
        ·
        1 year ago

        Many chat apps actually use the Signal protocol for end to end encryption. This includes WhatsApp, Google Messages (RCS), Facebook Messenger, and Skype. iMessage doesn’t seem to use it.

        • Lemongrab@lemmy.one
          link
          fedilink
          arrow-up
          9
          ·
          1 year ago

          But we also can’t check their process since they are closed source. Also, if they can decrypt in the browser or proprietary app, then they can still read your messages. Browser is vulnerable to other attacks.

    • setVeryLoud(true);@lemmy.ca
      link
      fedilink
      arrow-up
      16
      ·
      1 year ago

      That’s not even Nothing Chats’ biggest problem: it’s that it gets completely MITM’d by going onto some mac mini in some server farm somewhere.