alpinefolk

@alpinefolk@sunbeam.city

He/Him

Catch up to the sun.

Runner and sailor living in Aotearoa. Interested in enjoying nature, #ecology, #regeneration and #permaculture. #plantbased #vegan.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

lauren, to random
@lauren@mastodon.laurenweinstein.org avatar

**** The Google passkeys threat model ****

So let's pull this together. Google says:

"When you create a passkey on a device, anyone with access to that device and the ability to unlock it, can sign in to your Google Account."

They then suggest keeping physical control of your devices is easier than watching for phishing attempts.

The reality is that every day many phones are stolen and successfully unlocked (or are already unlocked when stolen) by thieves. We've seen the reports lately of iPhone users being totally locked out of their Apple accounts when thieves reset security keys -- and Apple can't help.

But whether Android or iPhone, the bottom line is that as I understand this, stolen unlocked phones using passkeys for account security give the thieves complete access to those accounts, until such a time as the rightful owner manages to revoke them -- which could be hours in many situations out in public, far too late.

To me, this is putting too much faith in the physical security of the devices, when we KNOW that every day many are stolen, unlocked, and abused. Having passkeys in such situations could make even more accounts instantly vulnerable, given that the passkeys wouldn't need additional authentication to be used by the thief in these scenarios.

alpinefolk,

@lauren @mackaj nope. You can’t convince me to use biometrics to unlock my phone.

Forcing you to unlock your phone with biometric data is too easy

https://www.wired.com/story/police-unlock-iphone-face-id-legal-rights/

alpinefolk,

@mackaj @lauren yes I agree with this

atomicpoet, to fediversenews

You like stats and graphs?

I like them quite a lot.

https://fedidb.org has recently left beta.

It helps you do a deep dive of Fediverse software and servers with good looking charts and tables!

This is another great project by @dansup.

@fediversenews

alpinefolk,

@atomicpoet @fediversenews @dansup reminds me I should spend more time on my Friendica account (and actively invite friends and family).

Also might be time to explore mastodon alternatives.

atomicpoet, to fediversenews

🎈🥳 https://calckey.org is LIVE! 🥳🎈

This is 's official landing site for the project now!

Not only does it have incredible eye candy, it really demonstrates what's so special about the project!

Use it for finding Calckey servers, compatible apps, the official app, documentation, merch, and source code!

What do you all think of this https://calckey.org?

@fediversenews

alpinefolk,

@EpiphanicSynchronicity @atomicpoet thanks for this. It was a question I had.

Mastodon, to random
@Mastodon@mastodon.social avatar

You asked for it, and it’s coming. Quote posts, search, and groups are on their way. In the meantime, check out the new onboarding experience launching today. https://blog.joinmastodon.org/2023/05/a-new-onboarding-experience-on-mastodon/

alpinefolk,

@Mastodon

“Twitter is an absolute cesspool!”

“Mastodon must be exactly the same as Twitter or it is unusable.”

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • mdbf
  • ngwrru68w68
  • modclub
  • magazineikmin
  • thenastyranch
  • rosin
  • khanakhh
  • InstantRegret
  • Youngstown
  • slotface
  • Durango
  • kavyap
  • DreamBathrooms
  • megavids
  • GTA5RPClips
  • tacticalgear
  • normalnudes
  • tester
  • osvaldo12
  • everett
  • cubers
  • ethstaker
  • anitta
  • provamag3
  • Leos
  • cisconetworking
  • lostlight
  • All magazines
    •