this post was submitted on 04 Nov 2024
86 points (100.0% liked)

Privacy

31833 readers
247 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod
Yayannick@lemmy.ml
ranok@sopuli.xyz
86
Google Authenticator collects much more data than the other authenticator apps PCMag reviewed (www.pcmag.com)
submitted 2 days ago by yogthos@lemmy.ml to c/privacy@lemmy.ml
14 comments fedilink hide all child comments
top 14 comments
sorted by: hot top controversial new old
[–] ASDraptor@lemmy.autism.place 47 points 2 days ago

Shocking! The authenticator from the company which hoards all the data it can get from you and then more, hoards all the data it can get from you and then more!

Also: discover how the scientists discovered that every 60 minutes, an hour passes.

More news at 9.

[–] Charger8232@lemmy.ml 22 points 2 days ago (2 children)

Some good, open source TOTP apps to use are Aegis and Ente Auth.

[–] Zodarr@lemmy.ml 4 points 2 days ago (1 children)

I use Aegis, it does what's on the tin.

[–] butter@midwest.social 3 points 1 day ago

Verifiably, at that. On device only. Works without play services. Works without internet (doesn't even request internet permissions).

Also open source.

[–] NENathaniel@lemmy.ca 2 points 1 day ago

2fas is great

[–] normplum@fosstodon.org 18 points 2 days ago (1 children)

@yogthos That's expected when the name includes 'Google'...

[–] yogthos@lemmy.ml 9 points 2 days ago (1 children)

indeed, it's basically a spyware company at this point

[–] sic_semper_tyrannis@lemmy.today 2 points 2 days ago (1 children)

It always has been ever since they got a DARPA grant back in the day

[–] yogthos@lemmy.ml 1 points 2 days ago

true

[–] HiddenLayer555@lemmy.ml 14 points 2 days ago

Trusting your security to Google is literally like trusting a fox to guard your hen house.

[–] MonkderVierte@lemmy.ml 11 points 2 days ago* (last edited 2 days ago)

Aegis collects no data.

[–] shaserlark@sh.itjust.works 6 points 2 days ago (1 children)

I read their article but didn’t understand their methodology. This is pretty much in contrast to this video where a bunch of apps got audited and to everyone’s surprise Google Authenticator seemed like one of the most private alternatives.

Really not trying to defend Google here because… they’re fucking Google, but I’m wondering why the results are so different.

[–] FeelzGoodMan420@eviltoast.org 3 points 2 days ago* (last edited 2 days ago) (1 children)

Same. I also checked the data usage on my phone and google authenticator has used NO mobile data since I've had it installed for over a year. So I'm calling bullshit on this article.

I also do not see nearly as many permissions requested as in that screenshot. It needs photo and video permissions because you can upload qr codes and stuff. Also you can (don't have to) link it your google account, so obviously it would have access to your google stuff.

[–] shaserlark@sh.itjust.works 2 points 2 days ago* (last edited 1 day ago)

Yeah what can be done is create a clean Google account registered through an anonymous phone number and a throwaway user name & password, and best to secure it with a hardware key just to make sure no one can get into your OTPs by somehow getting access to those credentials. That should allow you to save credentials in an account at least if you make sure to not login to it on the same device as your other accounts.

But also not blaming anyone for not trusting Google in the first place.