vague woman/man/genderless person(?) who is or isn’t deadly serious and/or trolling you at this very moment

  • 0 Posts
  • 27 Comments
Joined 1 year ago
Cake day: July 1st, 2023

  • monko@lemmy.zip to 196@lemmy.blahaj.zone · lemmy.rule · English · ↑ 1 · 7 months ago

    Sure, petition to rename it. I don’t think anyone would care, except the folks feeling suppressed by American exceptionalism.

    Or, idk, start your own world news instance with super strict rules, zero US stuff. No one is stopping you. Isn’t that the point of this platform?

  • monko@lemmy.zip to 196@lemmy.blahaj.zone · lemmy.rule · English · ↑ 7 · 7 months ago

    Do you think “suppress” simply means “not upvoting non-US content?” Okay, maybe I got that one wrong.

    But you really don’t get how hostile you guys come off toward US folks who are just existing?

    I mean, your comment is the very embodiment of the anti-US sentiment I see from so many. What are people supposed to do to appease you?


  • monko@lemmy.zip to 196@lemmy.blahaj.zone · lemmy.rule · English · ↑ 4 · 7 months ago

    I would love to see some examples of these minority topics being downvoted or suppressed since it seems to be deeply affecting international users’ experience.

    To me, it seems like you and the OP resent US users for simply existing in an online space without putting forth any solutions to the issue. Are you sure you’re not trying to find ways to justify anti-US bias?

    If you want the space to have more equal representation, why not produce high-quality content that appeals to your fellows rather than moaning about people who by your own admission mean no harm?

  • I get what you’re saying, but it’s not about getting locked out. It’s about other people using recovery methods to take over your account. Why would anyone try to break through durable public-key encryption when you can just phish a victim’s email account password?

    And it’s not like real-time phishing for 2FA/MFA isn’t widespread—it’s just not automated to the same level as other methods. That said, two- or multi-factor is going to stop 99% of automated hacks. It’s the determined ones that I’m concerned about.

    In regards to the Apple thing… Apple passwords can be reset using a recovery email. That means the security of the account leaves Apple’s ecosystem and relies on the email provider. So, if I’m a cybercriminal determined to hack your account, I start there.

    Then, if you’ve got your keychain all set up, it’s time for a SIM swap. I clone your SIM or convince your mobile carrier to give me a SIM with your number. And even if recovery contacts and keys are alternatives, the use of SMS is problematic. If you really can turn it off, then I’m all for it. But if you can’t be sure, neither can I.

    SMS is a very low-security option that is showing its age. It was never intended to be a secure verification method, yet it’s become incredibly popular due to its availability. Unfortunately, telecom companies are simply not interested in upping their security.

    All SIM swap protection is opt-in at this point. Verizon and the gang might wise up considering the lawsuits leveled at them by victims—many of whom lost millions in cryptocurrency due to the carriers’ negligence—but it’s not likely.

    The point here isn’t that passkeys are bad for consumers. They’re convenient and about as secure as existing methods. The problem is that they’re being sold to average folks as a security upgrade even though they’re more of a sidegrade. PKI/FIDO already existed before the whole passkeys buzz did, and it had the same limitations. This is mostly just branding and implementation.



  • Totally! Browser and device fingerprinting are commonly used as first-line defenses against ATOs (account takeovers). There are other kinds of fingerprinting, like those that can learn about your installed hardware and drivers. Really, I’m learning about more fingerprinting methods all the time. That said, decisions are usually made based on several different information sources. These include variables like:

    • GPS geolocation
    • IP address/location
    • Time of day
    • Device ID, OS version, browser version, etc.
    • Hardware profiles, including CPU and GPU architecture/drivers
    • User behavior like mouse movement, typing patterns, and scrolling
    • Whether the user is connecting via a known VPN IP address
    • Cookies and extensions installed on the browser

    There’s even some buzz around “behavioral biometrics” to identify individuals by how they type, but this is still not the sole method of identification. It’s mainly about flagging bots who don’t type like humans. However, learning how an individual types can help you determine if a subsequent visitor is the actual account owner or a bad actor.

    In my experience, fingerprinting and adjacent identity proofs are rarely used in isolation. They’re often employed for step-up authentication. That means if something doesn’t match up, you get hit with a 2FA/MFA prompt.

    Step-up can be pretty complex if you want it to be, though, with tons of cogs and gears in the background making real-time adjustments. Like you might not even realize you’ve been restricted during a session when you log in to your bank account, but once you try to make a transfer, you’ll get an MFA prompt. That’s the UX people in action, trying to minimize friction while maintaining security.
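
The step-up behaviour described in the comment above, sketched as an added example that is not part of the original comment or any vendor's product: several fingerprint signals are scored against an account baseline, and the same session is allowed to log in but prompted for MFA at a transfer. The signal names, weights, thresholds and sample data are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Illustrative weights and thresholds (assumptions, not from any real product).
WEIGHTS = {"new_device": 40, "new_country": 30, "known_vpn": 15,
           "odd_hour": 10, "typing_mismatch": 25}
# Sensitive actions tolerate less risk before an MFA prompt is required.
STEP_UP_AT = {"login": 50, "view_balance": 50, "transfer": 20}

@dataclass
class Baseline:             # what the service has learned about the account
    device_ids: set
    countries: set
    usual_hours: range
    key_interval_ms: float  # mean gap between keystrokes

@dataclass
class Request:
    device_id: str
    country: str
    hour: int
    via_known_vpn: bool
    key_interval_ms: float
    action: str
    mfa_verified: bool = False

def deviations(base, req):
    """Names of signals that differ from the account's baseline."""
    checks = [
        ("new_device", req.device_id not in base.device_ids),
        ("new_country", req.country not in base.countries),
        ("known_vpn", req.via_known_vpn),
        ("odd_hour", req.hour not in base.usual_hours),
        # Cadence more than 50% off the learned mean counts as a mismatch.
        ("typing_mismatch",
         abs(req.key_interval_ms - base.key_interval_ms) > 0.5 * base.key_interval_ms),
    ]
    return [name for name, hit in checks if hit]

def decide(base, req):
    """Return (decision, score, deviations) for one request in a session."""
    hits = deviations(base, req)
    score = sum(WEIGHTS[h] for h in hits)
    if score >= STEP_UP_AT[req.action] and not req.mfa_verified:
        return "step_up", score, hits
    return "allow", score, hits

# Constructed sample data: one account baseline and a late-night VPN session.
BASE = Baseline({"dev-A"}, {"US"}, range(7, 23), 180.0)
if __name__ == "__main__":
    for action in ("login", "view_balance", "transfer"):
        print(action, decide(BASE, Request("dev-A", "US", 2, True, 175.0, action)))
```
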