this post was submitted on 06 Feb 2024
618 points (98.9% liked)
Technology
59377 readers
5130 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I can also see the irony. But I can't imagine another way to do it at any scale. Do you know of another option?
Something akin to haveibeenpwned.com password hash partial match? Can that even be done with this data?
Edit: You goofs know you can calculate the hash locally and submit it for review without actually exposing your password to them right? That's how bitwarden does it's check. https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity
Ah, but Mozilla isn't even trying to do anything cool like that. They just use onereap and those fuckers look shady. Quotes from their privacy policy: https://onerep.com/privacy-policy#what-data-we-collect-and-how-we-do-that
The bastards
No. If your name is Dave Jones they have to look around those broker sites for Dave Jones. If those sites were using hashes then they could use hashes too.
This is no different than any credit or identity monitoring service. The need to give them basic information should be obvious, people have to decide if the company is trustworthy or not.
They could just look for names, then hash those names and compare them to your hashed name. So technically that don’t need to store your data, just hashes.
I'm all for privacy but worrying about giving one of the most trustworthy companies around your name seems a bit much.
You'd also have to give them your card details to pay for it.
This would also require searching and indexing the entire system as opposed to searching it.
Need a Moreno payment system
Tbf if someone logged that you were paying for this service that data would get removed anyway haha