retr0.id/media/bd23a2fb-c7a6-4…

alt text:

Goose chase meme. In the first frame, the goose asks “all the data is encrypted?” In the second, the goose chases a person, asking “encrypted how and with whose keys, motherfucker?”

@196

    • verdare [he/him]@beehaw.org
      link
      fedilink
      arrow-up
      31
      ·
      1 year ago

      The fact that you have to enter your iCloud credentials directly into the app was a red flag.

      Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI. This is why we have tokens and federated login. Third parties should never see your Google/Apple/whatever credentials.

      • ALostInquirer@lemm.ee
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI.

        By chance, would you (or some other passerby) happen to know how this is handled with the Lemmy apps/interfaces? I’ve been mixed on using them since I’m unclear how they’re handling this info.

        • verdare [he/him]@beehaw.org
          link
          fedilink
          arrow-up
          8
          ·
          edit-2
          1 year ago

          Hmmm, that’s a good point. I did type my Lemmy credentials directly into at least two different apps. I guess it would be better if it redirected to a login page provided by my instance (Beehaw). But I also don’t consider my Lemmy account to be very critical. It’s not a huge deal if it gets compromised, as long as it’s not associated with my real identity.

          EDIT: Also, I use a password manager, so a leak of my randomly generated Lemmy password shouldn’t affect anything else.

    • setVeryLoud(true);
      link
      fedilink
      arrow-up
      17
      ·
      1 year ago

      That’s not even Nothing Chats’ biggest problem: it’s that it gets completely MITM’d by going onto some mac mini in some server farm somewhere.