shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

#authentication

Ethan Sholly<p>Self-Host Weekly (6 June 2025)</p><p>Open-sourced government apps, software updates and launches, a spotlight on <a href="https://fosstodon.org/tags/Tinyauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tinyauth</span></a> -- a simple <a href="https://fosstodon.org/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> middleware, and more in this week's self-hosted recap!</p><p><a href="https://selfh.st/weekly/2025-06-06/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">selfh.st/weekly/2025-06-06/</span><span class="invisible"></span></a></p><p><a href="https://fosstodon.org/tags/selfhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhost</span></a> <a href="https://fosstodon.org/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://fosstodon.org/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> <a href="https://fosstodon.org/tags/newsletter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>newsletter</span></a> <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://fosstodon.org/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>foss</span></a> <a href="https://fosstodon.org/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homelab</span></a> <a href="https://fosstodon.org/tags/homeserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homeserver</span></a> <a href="https://fosstodon.org/tags/privacy" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://fosstodon.org/tags/nextcloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nextcloud</span></a> <a href="https://fosstodon.org/tags/raspberrypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>raspberrypi</span></a> <a href="https://fosstodon.org/tags/irs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>irs</span></a> <a href="https://fosstodon.org/tags/dumbassets" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dumbassets</span></a></p>
Lars Wirzenius<p>If your software stores passwords in a way that they can be retrieved, and your software isn't a password manager, your software is broken.</p><p>Verifying that a password provided by a user is correct does not require you to store the password. As an industry we knew this in 1978. It has been 0 days since I saw software that violates this.</p><p><a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cheatsheetseries.owasp.org/che</span><span class="invisible">atsheets/Password_Storage_Cheat_Sheet.html</span></a></p><p><a href="https://toot.liw.fi/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://toot.liw.fi/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://toot.liw.fi/tags/passwordStorage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwordStorage</span></a> <a href="https://toot.liw.fi/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://toot.liw.fi/tags/rant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rant</span></a></p>
Frontend Dogma<p>Passkeys for Normal People, by <span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span>:</p><p><a href="https://www.troyhunt.com/passkeys-for-normal-people/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">troyhunt.com/passkeys-for-norm</span><span class="invisible">al-people/</span></a></p><p><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://mas.to/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> <a href="https://mas.to/tags/examples" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>examples</span></a> <a href="https://mas.to/tags/concepts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>concepts</span></a></p>
Jason<p>Very intriguing. Now that I have to use Proxmox in my home lab, I need to check this out <a href="https://www.youtube.com/watch?v=BdQ-Gz6bs3g" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=BdQ-Gz6bs3</span><span class="invisible">g</span></a>. Hope that tsidp will become production ready at one point in the future. But it seems already stable enough for development systems and home labs</p><p><a href="https://click.ba.it/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://click.ba.it/tags/idp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>idp</span></a> <a href="https://click.ba.it/tags/tailscale" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tailscale</span></a> <a href="https://click.ba.it/tags/vpn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vpn</span></a> <a href="https://click.ba.it/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homelab</span></a></p>
Erik van Straten<p>🚨 Identity fraud on Mastodon</p><p>Just a reminder that there is a lot of identity fraud happening on the internet, increasingly on Mastodon as well.</p><p>Often impersonators are easy to detect (like the ones below) - but sometimes existing accounts are taken over by criminals. Always keep in mind that someone on the internet interacting with you may (currently) not be who they claim to be.</p><p>This includes my account. If it does not sound like me, it may not be me. Having doubts and double checking are good habits. Reputation (good or bad) is a useful property for knowing who you're dealing with, and to help detect anomalies.</p><p>Accounts with a few or 0 followers, and hardly any or just plain pointless toots, may be bots or criminals coming after your money.</p><p>If someone appears to only follow random Mastodonts with lots of followers, either they're noobs or they're here with less friendly intentions. If they then start following possibly lonely people, they *may* be trying to gain their attention and trust - maybe for nefarious purposes.</p><p>🤔 Recently the following people started following the automated channel <a href="https://mastodon.world/@auschwitzmuseum/followers" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.world/@auschwitzmuseu</span><span class="invisible">m/followers</span></a>:</p><p>Kendal Jenner [1]<br>Jennifer Aniston [2]<br>Stephen King [3]<br>Keanu Reeves [4]<br>Keanu Reeves [5]</p><p>They all abuse the pictures of the real persons they impersonate (they're not just following the Auschwitz Memorial BTW).</p><p>[1] <a href="https://mastodon.social/@kendall01/following" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@kendall01/fol</span><span class="invisible">lowing</span></a><br>[2] <a 
href="https://mastodon.social/@Jenniferaniston123/following" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@Jenniferanist</span><span class="invisible">on123/following</span></a><br>[3] <a href="https://mastodon.social/@Stevenkvng/following" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@Stevenkvng/fo</span><span class="invisible">llowing</span></a><br>[4] <a href="https://mastodon.social/@keanureeves1928/following" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@keanureeves19</span><span class="invisible">28/following</span></a><br>[5] <a href="https://mastodon.social/@reeves001/following" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@reeves001/fol</span><span class="invisible">lowing</span></a> (screenshot below)</p><p><a href="https://infosec.exchange/tags/IdentityFraud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdentityFraud</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Identity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identity</span></a> <a href="https://infosec.exchange/tags/IdentityVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdentityVerification</span></a> <a href="https://infosec.exchange/tags/Auschwitz" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Auschwitz</span></a></p>
Bytes Europe<p>Trustly to Pilot Biometric Solution in Finland Before Rollout <a href="https://www.byteseu.com/865971/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/865971/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://pubeurope.com/tags/BiometricAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BiometricAuthentication</span></a> <a href="https://pubeurope.com/tags/biometrics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>biometrics</span></a> <a href="https://pubeurope.com/tags/DigitalTransformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalTransformation</span></a> <a href="https://pubeurope.com/tags/EMEA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EMEA</span></a> <a href="https://pubeurope.com/tags/Finland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Finland</span></a> <a href="https://pubeurope.com/tags/gaming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gaming</span></a> <a href="https://pubeurope.com/tags/IdentityVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdentityVerification</span></a> <a href="https://pubeurope.com/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://pubeurope.com/tags/PayByBank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PayByBank</span></a> <a href="https://pubeurope.com/tags/PYMNTSNews" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>PYMNTSNews</span></a> <a href="https://pubeurope.com/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://pubeurope.com/tags/Trustly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trustly</span></a> <a href="https://pubeurope.com/tags/TrustlyID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrustlyID</span></a> <a href="https://pubeurope.com/tags/What" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>What</span></a>'sHot</p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> :</p><p>I don't want to pay a cent. Neither donate, nor via taxes.</p><p><a href="https://infosec.exchange/@ErikvanStraten/114227977082449887" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114227977082449887</span></a></p><p><span class="h-card" translate="no"><a href="https://mstdn.social/@TheDutchChief" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>TheDutchChief</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a 
href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a 
href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.</p><p>They're the ultimate manifestation of evil big tech.</p><p>They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.</p><p>DV has destroyed the internet. People lose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing attacks).</p><p>Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).</p><p>However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a piece of cake.</p><p>Decent online authentication is HARD. Get used to it instead of denying it.</p><p>REASONS/EXAMPLES</p><p>🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114222237036021070</span></a></p><p>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. 
Now Chrome does not give you any more info than what Google argued: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224264440704546</span></a></p><p>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a></p><p>🔹 Lots of reasons why LE sucks:<br><a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (corrected link 09:20 UTC)</p><p>🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">newly-registered-domains.abtdo</span><span class="invisible">main.com/2024-08-15-bond-newly-registered-domains-part-1/</span></a>. 
However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">13.248.197.209/relations</span></a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</span></a></p><p><span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a 
href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a 
href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> : if we open a website that we've never visited before, we need browsers to show us all available details about that website, and warn us if such details are not available.</p><p>We also need better (readable) certificates identifying the responsible / accountable party for a website.</p><p>We have been lied to that anonymous DV certificates are a good idea *also* for websites we need to trust. It's a hoax.</p><p>Important: certificates never directly warrant the trustworthiness of a website. They're about authenticity, which includes knowing who the owner is and in which country they are located. This helps ensure that you can sue them (or not, if in e.g. Russia) which *indirectly* makes better identifiable websites more reliable.</p><p>More info in <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a> (see also <a href="https://crt.sh/?Identity=mailchimp-sso.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crt.sh/?Identity=mailchimp-sso</span><span class="invisible">.com</span></a>).</p><p>Note: most people do not understand certificates, like <span class="h-card" translate="no"><a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BjornW</span></a></span> in <a href="https://mastodon.social/@BjornW/114064065891034415" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span 
class="ellipsis">mastodon.social/@BjornW/114064</span><span class="invisible">065891034415</span></a>:<br>❝<br><span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> offers certificates to encrypt the traffic between a website &amp; your browser.<br>❞<br>2x wrong.</p><p>A TLS v1.3 connection is encrypted before the website sends their certificate, which is used only for *authentication* of the website (using a digital signature over unguessable secret TLS connection parameters). A cert binds the domain name to a public key, and the website proves possession of the associated private key.</p><p>However, for people a domain name simply does not suffice for reliable identification. People need more info in the certificate and it should be shown to them when it changes.</p><p>Will you please help me get this topic seriously on the public agenda?</p><p>Edited 09:15 UTC to add: tap "Alt" in the images for details.</p><p><a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a 
href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a></p>
Grumpy Website<p>We noticed you were working. How about you do a meaningless chore for us instead?</p><p><a href="https://mastodon.online/tags/Slack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Slack</span></a> <a href="https://mastodon.online/tags/Login" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Login</span></a> <a href="https://mastodon.online/tags/Logout" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Logout</span></a> <a href="https://mastodon.online/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://mastodon.online/tags/Popup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Popup</span></a> <a href="https://mastodon.online/tags/Timeout" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Timeout</span></a></p>
Gonçalo Valério<p>"Password reuse is rampant: nearly half of observed user logins are compromised"</p><p><a href="https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cloudflare.com/password-r</span><span class="invisible">euse-rampant-half-user-logins-compromised/</span></a></p><p><a href="https://s.ovalerio.net/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://s.ovalerio.net/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://s.ovalerio.net/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://s.ovalerio.net/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a></p>
julian<p>2FA codes sent over ActivityPub when?</p>
Georgiana Brummell<p>First, they shut down the Basic HTML site, forcing many of us to switch to clients such as Thunderbird. Now, they're using qr codes which are not only inaccessible to the blind but also to those who don't use smartphones! This is ridiculous! Yes, they do still have the option to click whether it's you trying to sign in or not (which still requires a smartphone and a carrier, which they claim to be concerned about), but how long before they remove that, too?</p><p><a href="https://www.pcmag.com/news/google-is-replacing-sms-codes-with-qr-codes-for-gmail-authentication" rel="nofollow noopener noreferrer" target="_blank">pcmag.com/news/google-is-repla…</a></p><p><a href="https://friendica.world/search?tag=accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accessibility</span></a> <a href="https://friendica.world/search?tag=Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://friendica.world/search?tag=authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://friendica.world/search?tag=blind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blind</span></a> <a href="https://friendica.world/search?tag=Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://friendica.world/search?tag=GMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GMail</span></a> <a href="https://friendica.world/search?tag=IOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IOS</span></a> <a href="https://friendica.world/search?tag=Narrator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Narrator</span></a> <a href="https://friendica.world/search?tag=NVDA" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NVDA</span></a> <a href="https://friendica.world/search?tag=sms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sms</span></a> <a href="https://friendica.world/search?tag=Talkback" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Talkback</span></a> <a href="https://friendica.world/search?tag=technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a> <a href="https://friendica.world/search?tag=Voiceover" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Voiceover</span></a> <a href="https://friendica.world/search?tag=Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a></p>
Aral Balkan<p>New Kitten release</p><p>• Fixes redirection from sign-in page when person is already authenticated.</p><p><a href="https://kitten.small-web.org" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">kitten.small-web.org</span><span class="invisible"></span></a></p><p>To learn more about how Kitten automatically implements authentication for your Small Web sites and apps using public-key cryptography (so even your own server doesn’t know your secret)¹, please see the Authentication tutorial:</p><p><a href="https://kitten.small-web.org/tutorials/authentication/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">kitten.small-web.org/tutorials</span><span class="invisible">/authentication/</span></a></p><p>Enjoy!</p><p>:kitten:💕</p><p>¹ The security (and privacy) of Domain/Kitten are based on a 32-byte cryptographically random secret string that only the person who owns/controls a domain knows.</p><p>This is basically a Base256-encoded ed25519 secret key where the Base256 alphabet is a set of curated emoji surrogate pairs without any special modifiers chosen mainly from the animals, plants, and food groups with some exceptions (to avoid common phobias or triggers, etc.) that we call KittenMoji.</p><p>…</p><p>When setting up a Small Web app via Domain, this key is generated in the person’s browser, on their own computer, and is never communicated to either the Domain instance or the Kitten app being installed. 
Instead the ed25519 public key is sent to both and signed token authentication is used when the server needs to verify the owner’s identity (e.g., before allowing access to the administration area).</p><p>The expected/encouraged behaviour is for the person to store this secret in their password manager of choice.</p><p>More: <a href="https://kitten.small-web.org/reference/#cryptographic-properties" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">kitten.small-web.org/reference</span><span class="invisible">/#cryptographic-properties</span></a></p><p><a href="https://mastodon.ar.al/tags/Kitten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kitten</span></a> <a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SmallWeb</span></a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SmallTech</span></a> <a href="https://mastodon.ar.al/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.ar.al/tags/publicKeyCryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>publicKeyCryptography</span></a> <a href="https://mastodon.ar.al/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>web</span></a> <a href="https://mastodon.ar.al/tags/dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dev</span></a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NodeJS</span></a> <a href="https://mastodon.ar.al/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> <a 
href="https://mastodon.ar.al/tags/HTML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTML</span></a> <a href="https://mastodon.ar.al/tags/CSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CSS</span></a></p>
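The signed-token flow described in the Kitten post above, sketched as an added example (not Kitten's or Domain's code): the client derives an ed25519 key pair from a 32-byte secret, and the server keeps only the public key and checks a signature over a single-use challenge. The KittenMoji encoding is not reproduced, and the challenge format, context string, class and function names are assumptions.

```javascript
// Added illustration; not Kitten's or Domain's code. Token layout and names are assumptions.
const crypto = require('node:crypto');

// PKCS#8 DER header for an Ed25519 private key; the 32-byte seed follows it (RFC 8410).
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');
// Domain-separation prefix so a signature made here cannot be reused in another protocol.
const CONTEXT = 'example-auth-v1:';

// Client side: turn the 32-byte secret into a key pair. Only publicKeyPem leaves the client.
function keyPairFromSecret(secret32) {
  if (!Buffer.isBuffer(secret32) || secret32.length !== 32) {
    throw new Error('secret must be exactly 32 bytes');
  }
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519_PREFIX, secret32]),
    format: 'der',
    type: 'pkcs8',
  });
  const publicKeyPem = crypto.createPublicKey(privateKey).export({ type: 'spki', format: 'pem' });
  return { privateKey, publicKeyPem };
}

// Client side: sign the server's challenge with the private key.
function signChallenge(privateKey, nonce) {
  return crypto.sign(null, Buffer.from(CONTEXT + nonce, 'utf8'), privateKey).toString('base64');
}

// Server side: stores only the public key and hands out single-use, expiring challenges.
class Verifier {
  constructor(publicKeyPem, ttlMs = 60_000) {
    this.publicKey = crypto.createPublicKey(publicKeyPem);
    this.ttlMs = ttlMs;
    this.pending = new Map(); // nonce (hex) -> expiry timestamp in ms
  }

  issueChallenge(now = Date.now()) {
    const nonce = crypto.randomBytes(32).toString('hex');
    this.pending.set(nonce, now + this.ttlMs);
    return nonce;
  }

  verify(nonce, signatureB64, now = Date.now()) {
    const expiry = this.pending.get(nonce);
    this.pending.delete(nonce); // single use, whatever the outcome
    if (expiry === undefined || now > expiry) return false;
    const signature = Buffer.from(signatureB64, 'base64');
    return crypto.verify(null, Buffer.from(CONTEXT + nonce, 'utf8'), this.publicKey, signature);
  }
}
```
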
Bill<p>A smart person looked at GitHub's auth and ouch.</p><p><a href="https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">flatt.tech/research/posts/clon</span><span class="invisible">e2leak-your-git-credentials-belong-to-us/</span></a></p><p><a href="https://infosec.exchange/tags/github" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>github</span></a> <a href="https://infosec.exchange/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a></p>
Christoffer S.<p>It would appear as if User-Agent anomalies could be a pretty strong indicator of detecting stolen credentials?</p><p>Given that a user will authenticate using a limited set of devices and apps that should yield a decent set of good user-agents.</p><p>A malicious actor would have to hit one of these to escape the "trap". And if that is coupled with changes in user-agents during a short time frame, it would make for a strong indicator.</p><p>Thoughts?</p><p><a href="https://swecyb.com/tags/DetectionEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DetectionEngineering</span></a> <a href="https://swecyb.com/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://swecyb.com/tags/SessionHijacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SessionHijacking</span></a></p>
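One way to try the User-Agent idea from the post above, as an added example that is not part of the original post: build a per-user baseline of coarse User-Agent families, then flag logins from an unseen family and family changes inside one session within a short window. The event fields, the 10-minute window and the sample events are constructed assumptions.

```javascript
// Added illustration: event fields, window and sample data are constructed assumptions.
const OS_TOKENS = ['Android', 'iPhone', 'iPad', 'Windows NT', 'Mac OS X', 'Linux'];
// Order matters: Edge UAs contain "Chrome/", and Chrome UAs contain "Safari/".
const BROWSER_TOKENS = [['Edg/', 'Edge'], ['Firefox/', 'Firefox'], ['Chrome/', 'Chrome'], ['Safari/', 'Safari']];

// Reduce a raw User-Agent to "client/os" so routine version bumps do not alert.
function uaFamily(ua) {
  const os = OS_TOKENS.find((t) => ua.includes(t)) || 'other';
  const hit = BROWSER_TOKENS.find(([token]) => ua.includes(token));
  // Non-browser clients (curl/8.5.0, python-requests/2.31.0): keep the product name.
  const client = hit ? hit[1] : ((/^([A-Za-z][\w.-]*)\//.exec(ua) || [])[1] || 'unknown');
  return `${client}/${os}`;
}

// Baseline from a known-good period: user -> Set of User-Agent families.
function buildBaseline(history) {
  const baseline = new Map();
  for (const e of history) {
    if (!baseline.has(e.user)) baseline.set(e.user, new Set());
    baseline.get(e.user).add(uaFamily(e.userAgent));
  }
  return baseline;
}

// Flag (1) a family never seen for this user and (2) a family change inside one
// session within switchWindowMs. Both together score higher than either alone.
function detect(live, baseline, switchWindowMs = 10 * 60 * 1000) {
  const lastBySession = new Map(); // session id -> { family, ts }
  const alerts = [];
  for (const e of [...live].sort((a, b) => a.ts - b.ts)) {
    const family = uaFamily(e.userAgent);
    const known = baseline.get(e.user); // undefined: no history, novelty cannot be judged
    const reasons = [];
    if (known && !known.has(family)) reasons.push('new-user-agent');
    const prev = lastBySession.get(e.session);
    if (prev && prev.family !== family && e.ts - prev.ts <= switchWindowMs) {
      reasons.push('ua-switch-in-session');
    }
    if (reasons.length) alerts.push({ user: e.user, ts: e.ts, family, reasons, score: reasons.length });
    lastBySession.set(e.session, { family, ts: e.ts });
  }
  return alerts;
}

// Constructed sample data.
const UA = {
  chromeWin: (v) => `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${v}.0.0.0 Safari/537.36`,
  safariIos: 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Mobile/15E148 Safari/604.1',
  firefoxLinux: 'Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0',
  chromeMac: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
};
const HISTORY = [
  { user: 'alice', userAgent: UA.chromeWin(120) },
  { user: 'alice', userAgent: UA.chromeWin(121) },
  { user: 'alice', userAgent: UA.safariIos },
  { user: 'bob', userAgent: UA.firefoxLinux },
];
const LIVE = [
  { ts: 0, user: 'alice', session: 's1', userAgent: UA.chromeWin(122) },        // version bump only
  { ts: 120000, user: 'alice', session: 's1', userAgent: 'python-requests/2.31.0' }, // same session, new client
  { ts: 300000, user: 'bob', session: 's2', userAgent: UA.firefoxLinux },
  { ts: 400000, user: 'bob', session: 's3', userAgent: UA.chromeMac },          // new device, fresh session
];
```

User-Agent is client-supplied, so a match against the baseline is the absence of a signal rather than proof that the login is legitimate.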
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>Hot take: <a href="https://mastodon.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a> one-time passwords (OTP) are better than <a href="https://mastodon.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a>; especially when you store the codes on a <a href="https://mastodon.social/tags/Yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Yubikey</span></a>. </p><p><a href="https://mastodon.social/tags/auth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auth</span></a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webauthn</span></a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a></p>
Highlander<p><span class="h-card" translate="no"><a href="https://duck.haus/@joesteel" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>joesteel</span></a></span> seems like the Safari redirect for <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> purposes still happens to some people (like me on iOS 18.1.1).</p>
Slim Bill (He/Him)<p>Why I Prefer Hardware-based Authentication <br>A Bit of Security for December 2, 2024<br>I like hardware-based authentication – when it’s done right. Listen to this - <br>Let me know what you think in the comments below or at wjmalik@noc.social<br><a href="https://noc.social/tags/cybersecuritytips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecuritytips</span></a> <a href="https://noc.social/tags/SecureID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureID</span></a> <a href="https://noc.social/tags/hardwaresecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hardwaresecurity</span></a> <a href="https://noc.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://noc.social/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a> <a href="https://noc.social/tags/accesscontrol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accesscontrol</span></a> <a href="https://noc.social/tags/BitofSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BitofSec</span></a><br><a href="https://youtu.be/m3vF3knbzHs?si=3-BTKClfspBBzISc" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">youtu.be/m3vF3knbzHs?si=3-BTKC</span><span class="invisible">lfspBBzISc</span></a></p>
xoron :verified:<p><span class="h-card" translate="no"><a href="https://infosec.space/@kkarhan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kkarhan</span></a></span> </p><p>thanks for the reply! far from being discouraged, i appreciate your engagement. i will try to be reasonably brief in my response to your points and give a general update on progress and objective.</p><p>&gt; scout out existing solutions</p><p>i have seen similar <a href="https://infosec.exchange/tags/webapp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webapp</span></a> implementations, i think so far for "that kind" of chat app, the chat app is able to demonstrate similar basic functionality. for a wider adoption, the user interface needs to be more appealing, but i think its important to have a working proof-of-concept first. the project is specifically aiming to be a <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> <a href="https://infosec.exchange/tags/localFirst" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>localFirst</span></a> <a href="https://infosec.exchange/tags/webapp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webapp</span></a>.</p><p>a couple notable similar implementations to mine are:<br>- <a href="https://github.com/cryptocat/cryptocat" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/cryptocat/cryptocat</span><span class="invisible"></span></a><br>- <a href="https://github.com/jeremyckahn/chitchatter" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/jeremyckahn/chitcha</span><span class="invisible">tter</span></a><br>(im sure there are many more, but i think my 
approach is yet different and unique to the ones i've come across.)</p><p>&gt; DO NOT DIY ENCRYPTION!</p><p>this is indeed a recommended practice i have seen several times. here is a previous reddit post on the matter: <a href="https://www.reddit.com/r/cryptography/comments/1cint8h/what_are_your_thoughts_on_subtlecrypto_vs_wasm" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reddit.com/r/cryptography/comm</span><span class="invisible">ents/1cint8h/what_are_your_thoughts_on_subtlecrypto_vs_wasm</span></a> ... tldr; the underlying implementation provided by the browser is the best way to go. i have implemented the <a href="https://infosec.exchange/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> using the <a href="https://infosec.exchange/tags/webcrypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webcrypto</span></a> <a href="https://infosec.exchange/tags/api" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>api</span></a>. i aim to not use a library for this. </p><p>i generally try to word things in a way that users can provide feedback on features. the app is still in a very early stage, but has a reasonable amount of features. im generally open to requests and questions.</p><p>&gt; minimum viable product</p><p>what you see as the chat app is also the <a href="https://infosec.exchange/tags/minimum" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>minimum</span></a> <a href="https://infosec.exchange/tags/viable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>viable</span></a> <a href="https://infosec.exchange/tags/product" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>product</span></a>. 
i think it sufficiently demonstrates the basic functionality of a chat app. i think the next step is to make the app more stable and user friendly.</p><p>those other apps youve mentioned ive come across before. what sets my approach apart is that mine is purely a webapp. with what id like to describe as <a href="https://infosec.exchange/tags/p2p" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>p2p</span></a> <a href="https://infosec.exchange/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> over <a href="https://infosec.exchange/tags/webrtc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webrtc</span></a>, im able to remove reliance on a backend for <a href="https://infosec.exchange/tags/authenticate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authenticate</span></a> <a href="https://infosec.exchange/tags/data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>data</span></a> <a href="https://infosec.exchange/tags/connections" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>connections</span></a>. in some cases, bypass the internet (wifi/hotspot). 
while there are several ways to <a href="https://infosec.exchange/tags/selfhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhost</span></a>, in this approach of a <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a> implementation, im able to store large amounts of data in the browser so things like images and <a href="https://infosec.exchange/tags/encryptionKeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryptionKeys</span></a> can be <a href="https://infosec.exchange/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a>" in the browser. while this form has nuanced limitations, it also has interesting implications to security and privacy.</p><p>there are many nice features from the different apps you mentioned and i think i have some unique features too. the bottleneck in this project is that i dont put in enough time to the app.</p><p>&gt; feel free to slowly integrate them.</p><p>this is basically already my approach to get the app to where it is now.</p><p>thanks for the luck, take care and i hope you stay tuned for updates.</p>