Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://gleasonator.com/objects/5c53102f-3e0f-486b-8d71-72d6f46d55c4">Alex Gleason (alex@gleasonator.com)'s status on Monday, 27-Feb-2023 00:16:38 JST</a><a href="https://gleasonator.com/users/alex" title="alex@gleasonator.com"><img src="https://gnusocial.jp/avatar/1712-48-20220726020642.webp" width="48" height="48" alt="Alex Gleason" style="position: absolute; left: 0; top: 0;">Alex Gleason</a><div><a href="https://shitposter.club/objects/87860a0f-8484-4157-bc9f-da6e6daf1b0a" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/2401" title="kroner@seal.cafe">kroner</a></li><li><a href="https://gnusocial.jp/user/91252" title="gvs@rebelbase.site">gvs</a></li></ul></div></section><article><p><a href="https://shitposter.club/users/Moon">@Moon</a> <a href="https://rebelbase.site/users/gvs">@gvs</a> <a href="https://seal.cafe/users/kroner">@kroner</a> The only concern I have is leaked private keys. For apps to be so easy you can start posting immediately, it means your private key is stored in a web browser. We also want to integrate this into existing systems with thousands of users. But it opens up a new vulnerability of “what if the server gets hacked and everyone’s keys get leaked”. This is worse than leaking passwords because there’s no recourse. Those accounts just get stolen forever.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1249094#notice-2632093">In conversation</a><time datetime="2023-02-27T00:16:38+09:00" title="Monday, 27-Feb-2023 00:16:38 JST">Monday, 27-Feb-2023 00:16:38 JST</time> <span>from <span><a href="https://gleasonator.com/objects/5c53102f-3e0f-486b-8d71-72d6f46d55c4" rel="external" title="Sent from gleasonator.com via ActivityPub">gleasonator.com</a></span></span><a href="https://gleasonator.com/objects/5c53102f-3e0f-486b-8d71-72d6f46d55c4">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Monday, 27-Feb-2023 00:16:38 JSTAlex Gleason
in reply to
@Moon @gvs @kroner The only concern I have is leaked private keys. For apps to be so easy you can start posting immediately, it means your private key is stored in a web browser. We also want to integrate this into existing systems with thousands of users. But it opens up a new vulnerability of “what if the server gets hacked and everyone’s keys get leaked”. This is worse than leaking passwords because there’s no recourse. Those accounts just get stolen forever.
In conversationMonday, 27-Feb-2023 00:16:38 JST from gleasonator.compermalink

Public

Embed Notice

HTML Code

Corresponding Notice