Harrison

joined 1 year ago
[–] Harrison@infosec.pub 5 points 1 year ago (2 children)

It's less that Twilio specifically owns it than problems resulting from corporate ownership. Briefly:

  1. You can't get your data out of Authy. Actually you can, but it's a long annoying process involving installing an out of date chrome extension and using developer tools.
  2. Privacy issues. Authy links a lot of data including location to your identity.
  3. Authy supports SMS account recovery (which is inherently insecure) and doesn't allow users to disable it.
[–] Harrison@infosec.pub 3 points 1 year ago (4 children)

Android is easy, Aegis.

IOS is much harder. Right now, probably "2FAs". Authy is owned by Twilio, Raivo was just bought out by an advertising company, and the others are either too small to get the exposure required for any level of security or charge for the feature.

[–] Harrison@infosec.pub 1 points 1 year ago* (last edited 1 year ago)

I just tried "2FAs", which seems to be the most recommended free one. It failed to import any 2FAs from the Raivo export with 7 digits, but otherwise worked fine. Problem is it failed to import silently, didn't give any errors, which was offputting. Using it for now, but Raivo was better software. Pouring one out.

[–] Harrison@infosec.pub 2 points 1 year ago (1 children)

From what I can see on their website, the 2FA feature is only available if you pay $1/month. No gratzie.

[–] Harrison@infosec.pub 3 points 1 year ago* (last edited 1 year ago) (4 children)

There's zero evidence of any wrongdoing or shadiness other than them having employees living in Russia. The company itself moved to Cyprus, many of their engineers left Russia, none of their servers are physically located in Russia, and they publicly disavowed Russia's invasion of Ukraine.

This doesn't mean Russia couldn't apply massive pressure by threatening family members, etc, of course, but I personally have no concerns at this time and use AdGuard Home (their local adblocking DNS server) in my LAN and their iOS app on my devices. The iOS app in particular uses Apple's content-blocking Safari tech so it should be completely safe so long as you don't pay for a VPN or use a local VPN to block everything outside Safari.

If you're rooted on Android, definitely use AdAway instead, it just replaces the hosts file.

https://adguard.com/en/blog/official-response-to-setapp.html

[–] Harrison@infosec.pub 1 points 1 year ago

Facebook is terrible obviously but this is a good thing because they have tremendous resources to defend against Apple’s lawyers and that could open the door to less evil app stores in the EU. Competition is good, always.

[–] Harrison@infosec.pub 4 points 1 year ago (1 children)

I’m all for open source alternatives to bitwarden but this is non competitive with a mandatory subscription fee. Bitwarden is completely free for most users.

view more: ‹ prev next ›