Passwordless my a.. 🤡

Again…not a fan of reading

Goolag layed it all down for you:

Biometry, unique ids and all that jazz…

Pretty much every website on the internet, with a handful of exceptions, has Goolag javascripts running on it. If you’ve logged into a Goolag account on your phone just once, they can identify you with 100% accuracy and know exactly what you’re doing online, because they can match you to your IMEI.

Also, in most jurisdictions, it is illegal to modify the IMEI of the device you own. You can end up in prison, guilty of a crime of forgery and fraud by changing a few numbers in the phone you’ve legally bought yourself! You are basically owned by your device, not the other way around.

And while the Android operating system is supposedly “free and open source” (it isn’t because you’re not the one building the binaries that your phone runs), many components of it, like the Goolag Play Service or whatever it is called, is very much proprietary. And it handles all this login nonsense, and transmits your IMEI to Goolag.

You haven’t watched the video I linked, have you? It’s best to do so before we continue this conversation, because I don’t feel like just restating what the video says.

I actually think all that is probably true. This is just one of those situations where security and privacy are not the same thing.

Yeah, the security refers to Goolag’s income, not to your own security. Soon they’ll just be able to tell your self-driving car to take you to the secret police headquarters if you’ve been a bad citizen.

They can already remotely disable the breaks on you car and crash you into a tree.

And they know all your opinions, political views, how you spend your money, where you are at any moment… And all of that for all your friends and associates, as well as when you interact with them.

ALWAYS!!!111

I don’t see what you might mean…
Those were never the same thing.
IIUC, OT suggests that the need for security leads to surrendering your privacy, which was always like this.
IMHO the real difference now is they claim it in the open and celebrate for this, wanting you to accept this lockdown of your privacy, as a gift from heaven.
Classic mass manipulation. If they shout in the open and I don’t know what they say, then… they must be right

For whoever doesn’t get it, read about mass manipulation.

That is true but many people confuse them on a regular basis.

As it relates to technology, there are many things which provide both additional privacy and additional security. However, to your point, it isn’t always the case.

If we consider people as a whole, going to a passwordless method will probably increase security overall.

• No matter how much we try, we can’t keep people from using the same passwords everywhere
• No matter how much we try, we can’t keep people from losing their passwords in phishing/social engineering attacks
• When the wrong person has their account compromised, it doesn’t only impact them. It can impact others who are doing everything right. Something like a supply chain attack is hard to block when the thing you use to protect yourself becomes the attacker.

That being said, depending on how it is implemented, that type of authentication can absolutely be invasive from a privacy perspective.

I think we are forgetting something. Personal failure is not the end of the world. OTOH a totalitarian, unelected, global government may very well bring the end of the world.

So what? Are we accepting no-responsibility jobs? For example, a Bank almost bankrupts, but we have to always save it with clients/citizens money, while bankers never share their profits, when they are increased. I cannot make any sense in this. Can you?

Responsibility. You fail, you pay, you jail

Edit: No security is enough to protect 100%. Crooks are inventive.
Even if you stick a chip in your hand or head, they would cut your hand or head to rob you.

Except the world doesn’t actually work this way.

Honestly, even if it did, I am not sure it would help much.

If I get compromised because of a failure of someone else and they get imprisoned or fined for it, that doesn’t actually help me. I am still compromised.

Not the end of the world… even if it’s a personal cost.
The community, the rest of Earth’s population are still OK.
You (or anyone of us) are not the center of the world.

Note: I apologize for the rough psychotherapy session in a technical forum. But we are still humans…

Err…passwordless authentication is also unlikely to bring the end of the world even if it is invasive from a privacy perspective.

That being said, it isn’t only about me. That was just an example.

Lets take a broader example, company A, a moderate size company, lets say 100 million USD in revenue gets compromised. Company A provides some critical product to companies B, C and D. Those companies are much larger companies. Companies B’s compromise results in hundreds of millions of consumers personal sensitive data being stolen. Company C’s compromise results in millions of home routers being remotely compromised. Company D’s results in an attack on health infrastructure which causes massive disruption in access to healthcare.

Company A is clearly at fault but they don’t have the funds to repay the damages and throwing half of them in jail isn’t going to stop what happened.

The damage to society as whole is significant in this case.

My point is not that this is great technology and we should all embrace it. My point is simply that there is a real problem that exists and something like this could help. I am not saying it is a silver bullet because there is no such thing. The reality is that most people don’t actually care about their privacy that much. For them, this is increased security which could benefit the rest of us.

1. Are we going to sell our solves to the highest bidder, because of those stup undescribable people? Why so? Rule of the stu irresponsible? Is this a world you accept to live in?
2. They need to pay (with their own privacy compromise, not ours) themselves. Not the whole globe…
3. What is the benefit to one that did no harm and was responsible? Should the innocent be punished in place of the guilty? (this reminds me of something, but let’s not get religious, for the moment… )

The larger a company is, the greatest responsibility and security measures should take. Saying “it was not my fauuuult…” is a childish excuse!

If someone chooses to give up their own privacy they have the right to make that decision just as much as the person who chooses to protect it.

I don’t see how this impacts the whole globe. It only impacts those who choose to use it.

I don’t follow how you got from there to here.

The problem is that while people are working on it, stopping a supply chain attack is not something that we currently have a good solution for.

It is easy to point fingers at a large faceless organization but it isn’t always the case that they made a mistake.

Agree.

But the claim is "we all need to jump into this passwordless my…, or it is supposed that we are going to be forced into it, because it’s so cooool media promo.

Do I need more security, giving up my privacy, when I manage to secure myself to the level I choose to? More security is no benefit to the rest of us, unless we choose this.

Then why having huge supply chains, when we cannot protect them, make them trustworthy? From my roots quotes:

Μην απλώνεις τα πόδια σου αν δεν φτάνει το πάπλωμα
Don’t stretch your legs longer than the mattress can cover them (quick translation )

It is not easy, it is the right thing.

Then we blame The Universe?

I certainly never made such a claim

My point is that this isn’t true. Other people being more secure actually does help the rest of us even if we make no changes.

Why do we need someone to blame in the first place?

Just to get the funds to lessen the pain of the society damage.

Do I have to remind you I don’t like being said I’m at fault?
My fault is the emboldened part (maybe).

unless WE/I/each one choose this.

It may have to do with the POV. Which tower have you climbed on…
Being on the ground, or in the countryside, a farmer with no modern technologies in his work, has close to zero benefit from Google knowing all Earth’s population secrets, in order to protect them, or sell them to ad/propo companies for a small(?) fee.

I’ll see your Crayons and raise you a box of Sharpies!

image1440×1332 97 KB

EDIT: And I believe Dalto has pretty much nailed it. No need to keep on hammering the topic. Privacy & Security–two different topics.

I fundamentally disagree with that statement (not in academic definitions obviously, but in reality of we’re living in) - one simply can not exist without the other on a mass scale worldwide, especially when it’s argued to be forced without alternative.

It would be delusional to accept, coz it’s not some theory…you can search how well full cities lockdowns going right now in China, and how their famous soycial credit score is a huge part of it (mentioning it because it’s based on personal ids like that passwordless crap)…sorry comrade not going out of your room anymore, no food until party decides so, you can scream all night from your building.

That’s pretty much what it boils down to.

In it’s basic form having freedom or privacy != not having security.
However if you give up freedom (including freedom to do stupid things, like having 123456 password if you’re a brainlet) for whatever reason, in that case here by believing some big tech companies that this bright idea that will improve security, save children, fight extremism and all the good things - you’ll absolutely certainly won’t have privacy, security and probably your life at some point…

Therefore in reality it’s not really two different things or topics, they’re very much connected.

P.S. Unless we’re talking some very specific type of security, like special forces, military or corporations that have zero privacy but very high security inside, and they have any right to do so exactly that way, but that’s not the case we’re talking.

May i remind you all - we live in a society