Since I am not in anyway inclined to go read their code, I probably will just trust FF’s “recommended” flag until there is an obvious problem. Of course, when it is like that, then it’s too late. I tried the “Dark theme” on FF for a little bit, switch back to using Dark Reader in no time.

There are two types of passkey. Syncable and device-bound. (see https://fidoalliance.org/passkeys/). Theoretically, the device-bound passkeys never leave the device and users don’t have any access to it except to use it for authentication. The syncable type will first and foremost be synced by the platforms themselves (Google, Microsoft, and Apple), but eventually the 3rd-party password managers will be allowed to be sync providers, but possibly only on newly-released OSes.

As far as I know, the passkey implementations currently on Android and Windows are device-bound; they are not synced to the cloud.

It works for Google, Adobe, and Github for me, on Firefox; those are all the sites I use that support passkeys. It even works with Firefox on Android 13.

Do you have Windows hello enabled? You may want to investigate this more.

This is from the horse’s mouth: https://fidoalliance.org/passkeys/

It is a FIDO alliance protocol. This is meant to replace/supplement password, not as 2FA. The sites I use that implement it, Google, Adobe, and Github use it to supplant both the password and 2FA. Cool thing about it is more less: 1) unphishable 2) doesn’t matter if the website’s passphrase data leaks.

Good question. My bad.

And Tiktok!

Firefox ESR 102.15 & windows 11 (Hello) seem to work fine.

Yeah, neither seems likely any time soon.

deleted by creator

Yeah, it spreads to everybody that is a “threat” to the power that be.

a person of interest

Thanks for the reminder.

article:

journalists, opposition politicians, and activists

wikipedia: pretty much anybody of interests of the people with the ability to acquire the service

journalists, lawyers, political dissidents, and human rights activists

scholars, bureaucrats (India)

politicians: head of stead (Iraq), mayors (Israel), associates (Israel), politicians (Israel), son of prime-minister (Israel), presidential candidate and associates (Mexico), prime minister (Morocco), King (Morocco)

government employees (Israel), government officials (Israel), ex government officials (Israel), military officials (Morocco)

employees of government-owned companies (Israel),

suspects (Israel), drug cartels (Mexico), criminal (Netherlands)

civil society members

heads of corporations (Israel)

Panama: foreign spying, including for spying on political opponents, magistrates, union leaders, and business competitors, with Martinelli allegedly going so far as to order the surveillance of his mistress using Pegasus.[5]

Thx. You don’t seem to be the only one.

In July 2022, Charlie Osborne of ZDNet suggested that individuals who suspect a Pegasus infection use a secondary device with GrapheneOS for secure communication.

https://www.zdnet.com/article/how-to-find-and-remove-spyware-from-your-phone/

Well, that’s most terrifying. Can you do anything about it except not using smartphones?

There seems to be 20, some nonextant.

https://redbus2us.com/us-visa-forms-ds-160-260-has-social-media-questions-now-samples/

Yeah, no Google either. I heard Apple is currently spending over a million dollar a day for AI training. Soon, you’ll have something beyond Siri.

I wonder if, for Meta, being open-sourced wouldn’t fit the company with the rest. Also, for now, it looks like a publicity stunt with no real teeth. Those more substantial AI companies maybe holding out for more favorable treatments.

https://www.404media.co/revealed-the-country-that-secretly-wiretapped-the-world-for-the-fbi/

It’s already behind a paywall. But it was really a sting operation, using fake “secure” phones, to catch criminals, by skirting constitutional requirements.

I personally think you have to be careful. If they don’t like your application and find that you are not disclosing the information, it might become a justification to reject the application. Remember that there are 3rd parties that massively correlate internet data that are sold to governments and corporations. Unless you accounts definitely cannot be linked to your real identity, there is a chance that they will find out what social accounts you have anyway.

It seems more or less. Have you seen the recent news about US government’s arrangement to have an eastern European country running a platform to collect data on its own citizens to skirt around the warrant law? If citizens are being treated as such, how are non-citizens being treated?