- Actually text me the one-time passcode, rather than saying you sent it to me while instead texting it to the molten core of the earth.
Uhhh… how about NO??
In fact, as a casual security professional (it’s not a core part of my job, but I know a lot more than most people), I openly advocate making SMS and email illegal for transmitting one-time passcodes.
Why? Because both are critically insecure, cannot be adequately secured outside of laboratory or highly restrictive environments, and can be trivially hijacked.
The only one-time passcodes that should be used are those from one-time password generators (TOTP) such as Google Authenticator or any other such method.
Yes, this requires a little more effort on the part of the site owner, but it’s worlds better than SMS or email, and far more user-friendly than forcing the user to open the company’s app just to receive the code (looking at you, Canadian banks and other businesses like Telus).
And can we interest sir in an EU privacy law–mandated cookie consent pop-up?
That is the malicious compliance implementation that big tech went for in order to nag us into accepting all cookies, not at all what the EU law had in mind. “Reject All” is supposed to be as easy to choose as “Accept All”, or you know, you could just read my browser’s “do not track” setting, that’s what it’s ducking for.
Non-malicious compliance would be a protocol extension, don’t ask me how, but if WebSockets exist, then it’s possible to make an EuHTTP standard to which you’d upgrade. So that all these popups wouldn’t be needed and you’d conveniently set things up on the client.
Actually, ouch. One can just take some WS library and make a Gemini-like protocol, only over WebSockets (allowing much of the normal infrastructure to support it, you know, nginx, haproxy, lots of stuff), that would leverage convenient existing technologies and without the need for Google’s browser engine, which is more complex and expensive than a rocket.
OK, that’s called NOSTR, they are just not aiming for replacing Web in any form. For now.
EDIT: And this probably is not what’s being discussed.
GDPR also mandates only collecting as much data as is necessary.
Even with a consent banner, collecting all possible tracking data and selling it to 600 “partners” just to show a text page is against the law.
Unfortunately, you’d have to sue each website individually. They could start by making an example out of a big player like Formula 1.
I like how they say the document “isn’t perfect”. As if to say the Pope is supposed to be perfect like Christ himself.
Along with everything great he said, one I get disturbed by in reading any page is “Stop doing the thing where the banner at the top of the site auto-hides when I scroll a short way down the page, but then reappears when I scroll back up”
His own site does #10
Describing the symptoms of enshittification in the article
Amen. Maybe the pope should get into tech. It’s ducking time.
I am so tired of everyone being Catholic all of a sudden. All religion can suck dick.
Downvoting because in the 2nd paragraph:
I’m not Catholic, and I have grave disagreements with the pope on issues ranging from trans rights to women’s ordination.