Good post.
Despite all the progress in terms of Wayland, I still find my laptop to be unstable with plasma + Wayland on fedora 38. Many visual bugs, when the screensaver is entered and I move my mouse again, the screen just stays black until I close and open the lid.
Some booting and spontaneous shutdown issues too, but I assume that's something else. (Framework 12 DIY)
I'm using all of these, but with my hardware keys. Didn't know you could do it without. I knew that it was part of the webauthn concept but no idea how it works.
The infrastructure for none of these exist (in my country at least). Phone numbers suck, but as signal is a application mostly used on phones, I think it is the most common denominator for the user base.
That would do nothing to validate that the user is real, they can just insert any hash and claim it's their face's hash. At that point we can just use regular passwords, but as I said that won't solve the spam Accounts issue.
Honestly, I'm not sure what you are talking about. Could you elaborate more?
Are you implying that sending some hash is better than sending the secret and let the server deal with it?
There was no need to generalize Linux people. This discussion has nothing to do with Linux.
It's a bad problem no? Combatting "spam" Accounts while balancing privacy.
Personally, I don't want to give them any more information than is really necessary.
What alternative to phone numbers would you recommend? I'd probably prefer it over giving my phone number away.
True, but it's not exactly User friendly too, right? If not, tell me. I'll be happy.
Video call is expensive, and frankly, if I'm gonna sign up at a private service, I'm not going to make a damn video call.
Email is not enough to go against spam. Email addresses are basically an Infinite Ressource.
Other verified factors are nothing concrete. Sure we could all use security hardware keys, but what's the chances that my mom has one?
That's a joke right?
If not: It does not matter what hash I send, because it's cryptographically impossible to tell what the hashed thing is. That is the whole point of a hash.
Also: sending a hash over the network instead of a password or whatever the source material is would be a bad practice from security perspective, if not a directly exploitable vulnerability. It would mean that anyone that knows the hash can pretend to be you, because the hash would be used to authenticate and not whatever the source material is. The hash would become the real password and the source material nothing more than a mnemonic for the user. Adding to that: the server storing the hash would store a plaintext password.
Personally, I use Bitwig studio. It's. It not Foss, but it's well build, not as expensive as others, and it fulfils the "no Tux no Bux" requirement.