Readit News
jlmb commented on LibreWolf – Custom version of Firefox, focused on privacy, security and freedom   librewolf.net/... · Posted by u/jlpcsl
ShowalkKama · 2 years ago
it's open source, you can simply look at the code (or, better, at the differences with firefox)
jlmb · 2 years ago
This approach also assumes that you then compile the browser from source yourself (and also do that for each future update).
jlmb commented on Passwords Are Fine   herman.bearblog.dev/passw... · Posted by u/kevincox
stevage · 2 years ago
I'm glad they said it.

As a user I just despise MFA. I hate having to keep my phone with me while I work. I hate the disruption in flow logging into everyday services like AWS.

Passwords are so much better.

jlmb · 2 years ago
But you can also use passkeys from a computer, no separate mobile device needed!

And for services (like AWS) that don't (yet) support passkeys, a hardware token like a YubiKey is also an option.

jlmb commented on Passwords Are Fine   herman.bearblog.dev/passw... · Posted by u/kevincox
jlmb · 2 years ago
“Passwords are fine” only in a theoretical world where everyone uses passwords “correctly” and securely. But in the real world people don’t, so passkeys are a much better and easier method.

I fail to understand how educating billions (?) of people about proper password hygiene is faster or simpler than moving all authentication to a “tap this button to magically log in” method.

jlmb commented on Instagram is threatening legal action against Pixelfed   mastodon.social/@pixelfed... · Posted by u/mindracer
jlmb · 3 years ago
There is this additional post:

“Someone who works at Meta reached out and advised me to rename the filters asap.” [1]

So maybe the issue is simply that Pixelfed is using identical filter names.

[1] https://mastodon.social/@dansup/109596825332511647

jlmb commented on “I’m selling data of 400M Twitter users that was scraped via a vulnerability”   breached.vc/Thread-Sellin... · Posted by u/prakhar897
evan_ · 3 years ago
If you keep your number private it won’t matter. In fact you could spoof the number on purpose for an extra layer of security.
jlmb · 3 years ago
Phone number verification (of any kind) is supposed to make sure that the phone number provided belongs to the account owner.

If the number is not actually validated in a secure (enough) manner, there's no point in using phone numbers at all.

jlmb commented on “I’m selling data of 400M Twitter users that was scraped via a vulnerability”   breached.vc/Thread-Sellin... · Posted by u/prakhar897
evan_ · 3 years ago
You could turn the verification around. Instead of texting a value to a phone number and asking you to type it in, you say “Text this number to 40404: 123456”

Then, wait until someone texts that number in, and salt/hash the caller ID number and compare it to what you’ve got stored. If there’s a match, then you’re authenticated.

Probably lots of issues with this from ux perspective…

jlmb · 3 years ago
I think the main problem is that SMS sender numbers can be easily spoofed (might depend on country, operator, …), so relying on “this message came from where it says it came from” is not really possible.

It might not be an issue for some types of usage, but sounds risky if used for account security/recovery/etc.

jlmb commented on Cloudflare CDN Partial Outage   cloudflarestatus.com/inci... · Posted by u/ericholscher
nonrandomstring · 3 years ago
I would have liked to read that. Instead here's what I see:

> Checking if the site connection is secure

> Enable JavaScript and cookies to continue

> blog.cloudflare.com needs to review the security of your connection before proceeding.

What does it mean to "review the security" of my connection?

Wouldn't that be my business? (Feel free to review the security of your connection by all means) :)

Why would that "need" running JavaScript here on my browser (which I don't for fairly obvious security reasons)? Other websites seem to have no problem delivering basic content without that.

Also, no thank-you to cookies. We're not entering into a "session" relationship here, I merely wanted to read the document you advertised at the URL.

jlmb · 3 years ago
This is not specifically about Cloudflare’s “challenges”/etc, but —

The reality of operating a big site/service on the internet in 2022 is that it’s sometimes necessary to use methods that annoy a few people (with very non-standard browser settings) in order to protect the service as a whole from a million bots trying to attack it at any given time.

jlmb commented on In defense of cryptocurrency   blog.cryptographyengineer... · Posted by u/feross
tiluha · 3 years ago
The system does not handle it. If that is a problem for you, then cryptocurrencies are not for you. In a way it's like cash. If your wallet is stolen, there is no easy way to get your money back.
jlmb · 3 years ago
In reality, a crypto wallet is better compared to a bank account, though. Most people don't carry their life savings (or comparable amounts) in cash.
jlmb commented on Apple Cash   apple.com/apple-cash/... · Posted by u/jeanniesarah
Etheryte · 3 years ago
I don't think I've seen this, do you have a link to learn more?
jlmb · 3 years ago
It's apparently called “proxy payment”: https://www.lhv.ee/en/proxypayment
jlmb commented on Apple Cash   apple.com/apple-cash/... · Posted by u/jeanniesarah
x3ro · 3 years ago
It is true that bank transfers are fast, instant most of the time these days. However, when people want to quickly send me money, they still usually ask for PayPal, simply because it’s easier to tell someone a nickname or email address than my IBAN. Not that this is an unsolvable issue, just sharing my experience from Germany.
jlmb · 3 years ago
In Estonia, you can link a phone number to your IBAN. When making payments, the sender just needs a phone number, and the corresponding IBAN is automatically looked up. (The lookup service is managed by the central bank, and used by all (major) banks.)

u/jlmb

Karma: 60 · Cake day: June 19, 2019