Are internet security and internet privacy incompatible goals?
  • ERROR: Earth.exe has crashed@lemmy.dbzer0.comEnglish
    0·
    22 days ago

    This should be what digital ID looks like:

    -----BEGIN PGP PUBLIC KEY BLOCK-----

    mDMEZ26+ARYJKwYBBAHaRw8BAQdAsUGMjbGNUyyz9PHsHKP4xj/tIfYIuHb4miPH 0iCPpu60K0VSUk9SOiBFYXJ0aC5leGUgaGFzIGNyYXNoZWQgPG5vQGVtYWlsLmV4 ZT6IcgQTFggAGgQLCQgHAhUIAhYBAhkBBYJnbr4BAp4BApsDAAoJEI6E3uMn31Z3 028BAM5o8ER0dqTsxFlZSgZOvvgFHGuy2eFgF3rULkGKl1KrAP9fdE7WwnYbBer/ AVmw5jr0P5m/XsEQQrSueuk/FLYBBbg4BGduvgESCisGAQQBl1UBBQEBB0BDR0Bv pf4jxbwp9rVowFTnL59NGqnnh6XyF/LjAoYDGgMBCAeIYQQYFggACQWCZ26+AQKb DAAKCRCOhN7jJ99Wd1dMAP45xmN03SodkWHi7PYOORqNXJUBdMzzfsRXdqE8ZXaW vAD+PqNqPcbwJYCOEAXkg7DlZ0SX3o9MViZLdzHFQ3TpUA8= =krDh -----END PGP PUBLIC KEY BLOCK-----

    PGP Key Fingerprint: 857957d40f06cc816fd3d29a8e84dee327df5677

    Should be good until quantum computers come around

    • Zak@lemmy.worldEnglish
      0·
      22 days ago

      I’m sad PGP didn’t become a popular way to log into websites. A challenge-response protocol could have even been built into web browsers. Big tech is reinventing that idea as Passkey, but with a very big tech flavor.

        • Kusimulkku@lemm.eeEnglish
          0·
          22 days ago

          I’m already hearing about restrictions on exporting passkeys and some apps requiring that you’re not running a custom ROM on Android and stuff like that. Makes me worried they’re going to fuck that up and make it restrictive bs

          • lmmarsano@lemmynsfw.comEnglish
            1·
            21 days ago

            Passkeys or WebAuthn are an open web standard, and the implementation is flexible. An authenticator can be implemented in software, with a hardware system integrated into the client device, or off-device.

            Exportability/portability of the passkey is up to the authenticator. Bitwarden already exports them, and other authenticators likely do, too.

            WebAuthn relying parties (ie, web applications) make trust decisions by specifying characteristics of eligible authenticators & authentication responses & by checking data reported in the responses. Those decisions are left to the relying party’s discretion. I could imagine locked-down workplace environments allowing only company-approved configurations connect to internal systems.

            WebAuthn has no bearing on whether an app runs on a custom platform: that’s entirely on the developer & platform capabilities to reveal customization.