this post was submitted on 11 Sep 2023
Privacy
Not that it applies here, but I've run into situations where even copying the secret in text form and importing it didn't end up working.
What does almost always work is taking a photo of the screen showing the QR with another device and then using the current device to scan the QR on the other screen. Obviously you need another device with a decent camera but there you have it.
On iOS you can just screenshot the code and open it in Photos, and have it work from there just like from the camera.
And for me, when 2fa is needed, I enter my u/p, and then Lemmy says authentication failed and it presents me with u/p/2fa, which all get auto-populated by keychain.
I'll just warn you that if you use Apple's keychain, you are vulnerable to all of the various zero-click zero-day nonsense that's been in the news. Like, obv you're unlikely to be specifically targeted but when you use Apple stock stuff, you're vulnerable to all that. It's becoming more likely that this is intentional as a backdoor to all the other protections that get touted.
Other password managers allow for the possibility of keyfiles and 2FA so I would reevaluate if you can. You are not "safe" and at some point one of these hacks is going to hit mainstream à la LastPass and I just want to make sure you're pre-warned.
At the very least, get your ass on Lockdown mode since it invalidates these attacks, for the most part and as far as we know. Also disable iMessage and FaceTime if possible.
Any source for it as a back door? I hadn’t heard anything about that nor did a quick internet search turn up anything.
That's technically conjecture but iMessage and WebKit and iCloud Calendar have had zero-day after zero-day zero-click exploits because they don't sandbox properly. And when it gets exploited, it goes to the very root of your phone. It gets them everything as opposed to 3rd party messengers like Signal or WhatsApp that are limited to their own secured sandbox.
This has happened over and over again and iMessage is often the common denominator, as it was most recently. At a certain point, you have to wonder if something that's turned on by default (opt-out) that uses your number and where you can't block unknown numbers from sending you shit isn't that backdoor that was requested years ago and likely persistently even now. Also your messages are likely fully readable by Apple since iCloud Backup helpfully includes a key alongside it for easy decryption.