@jokeyrhyme
19 months

2FA for a centralized capitalist platform has nothing to do with security.

Really, nothing? Nothing at all? Not even a teensy bit?

Absolute statements like this are almost always inaccurate, because it’s incredibly difficult to know the heart/mind of someone else and what truly motivates them

@southerntofu
9 months

Nope, nothing at all. It’s just a masquerade. I don’t like absolutist statements in general, but in that specific case, multi-factor auth does not provide code signature to other users, it’s just a gatekeeping mechanism for GitHub to authenticate you. This means whether they have a security breach or someone at GitHub wants to harm you, they definitely can push out malicious updates in your name, and therefore such measures have nothing to do with security in the context of “who wrote the code I’m downloading?”.

It’s a little bit like banks: they may require all the security measures they like, at the end of the day they can run away with all our money like they did in Greece and there’s absolutely nothing we can do about it.

To be fair, multi-factor authentication can help reduce the most obvious cases of password theft (e.g. via a virus on a single device). But it does very little to stop phishing (unless using TOTP precisely, which is slowly becoming unsupported), bit/typo-squatting, etc.

@jokeyrhyme
9 months

It sounds like your use case requires more assurances than can be provided by any external hosting provider

So, your best bet is to self-host, in which case you aren’t using GitHub, and these 2FA changes aren’t impacting you at all, and you don’t have to feel disturbed by them

@southerntofu
29 months

For my personal use case I don’t care too much about code signatures or 2FA. I’m just pointing out that code signature (PGP-signed commits/refs) would do so much more for security than whatever SMS charade they’re gonna set up ;)
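The distinction argued in this thread (authenticating to the host versus proving authorship to whoever downloads the code), as an added example that is not part of the thread or any participant's code: the downloader checks the GnuPG status lines that `git verify-commit --raw` prints against a key fingerprint pinned locally. The function name, the fingerprints and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Fingerprints of keys the downloader trusts, pinned locally and obtained
# out of band (constructed placeholder value, not a real key).
PINNED_FPRS="AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"

# Hypothetical helper: reads GnuPG status lines on stdin and succeeds only if
# a VALIDSIG line names a pinned primary key and no failure status appears.
# Real use: git verify-commit --raw HEAD 2>&1 | signed_by_pinned_key
signed_by_pinned_key() {
    awk -v pinned="$PINNED_FPRS" '
        BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        # Any of these statuses means the signature must not be trusted.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key.
        $2 == "VALIDSIG" && ($12 in ok) { good = 1 }
        END { exit !(good && !bad) }
    '
}

# Constructed sample: commit signed by the pinned key.
SAMPLE_PINNED='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG DDDD4444EEEE5555 Alice Example <alice@example.org>
[GNUPG:] VALIDSIG AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555 2024-01-01 1704067200 0 4 0 22 10 00 AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555'

# Constructed sample: cryptographically valid, but made with a key nobody
# pinned, e.g. a commit pushed under a maintainer name by someone else.
SAMPLE_OTHER='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 9999888877776666 Alice Example <alice@example.org>
[GNUPG:] VALIDSIG 0000FFFF0000FFFF0000FFFF9999888877776666 2024-01-02 1704153600 0 4 0 22 10 00 0000FFFF0000FFFF0000FFFF9999888877776666'

# Constructed sample: signature that does not match the commit contents.
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG DDDD4444EEEE5555 Alice Example <alice@example.org>'

check() {  # prints a verdict for one sample
    if printf '%s\n' "$2" | signed_by_pinned_key; then
        echo "$1: accepted"
    else
        echo "$1: rejected"
    fi
}
check "pinned key" "$SAMPLE_PINNED"
check "unpinned key" "$SAMPLE_OTHER"
check "bad signature" "$SAMPLE_BAD"
check "unsigned" ""
```

The decision depends only on the locally pinned fingerprint, so it gives the same answer whichever server the commit was fetched from.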
