Privacy

31772 readers

390 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

118

Mullvad Blog: Hiding account numbers (mullvad.net)

submitted 5 months ago by [email protected] to c/[email protected]

25 comments fedilink hide all child comments

Cross-posted from: https://sh.itjust.works/post/19987854

We have previously highlighted the importance of not losing your account number, encouraging it to be written down in a password manager or similar safe location.

For the sake of convenience account numbers have been visible when users logged into our website. This had led to there being potential concerns where a malicious observer could:

Use up all of a user's connections

Delete a user's devices

From the 3rd June 2024 you will no longer be able to see your account number after logging into our website.

"Hiding account numbers". Mullvad. 2024-05-27. Mullvad Blog (https://mullvad.net/en/blog/2024/5/27/hiding-account-numbers).
Archive

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 5 months ago (1 children)

why dont you guys do something useful like come up with a MFA powered contingency plan for people who get their ID stolen

or maybe actually come out with multihop on android?? lol

[–] [email protected] 20 points 5 months ago (3 children)

MFA kinda defeats the purpose of Mullvad. The less they know about you the better.

[–] [email protected] 16 points 5 months ago

6 digit totp is totally anon

[–] [email protected] 8 points 5 months ago (1 children)

A FIDO2 hardware key should do the trick. Not all MFA are based on communications.

[–] [email protected] 7 points 5 months ago (2 children)

You can't use those on a router, and they are painful on mobile.

[–] [email protected] 3 points 5 months ago

That was not the argument above, was it?

What kind of MFA you can use on a router, BTW?

I have a FIDO2 with Nfc, and it works. Is it convenient? No. Is it more secure? Yes.

[–] [email protected] -3 points 5 months ago (1 children)

Why can't you use FIDO2 hardware keys on a router? I have a PC running openBSD as a Router and I can use hardware keys.

[–] [email protected] 0 points 5 months ago (1 children)

So you are running a full-fledged OS on a standalone computer that functions as a router. An actual router has a very limited operating system with no such functionality, plus it's always online by design, so you'd basically have to have a key that is permanently plugged in; or depending on the setup you'd have to re-authenticate ever so often. Not exactly great considering most routers are hidden somewhere in an inaccessible corner.

[–] [email protected] 1 points 5 months ago

It's nothing fancy I just needed more CPU power on my router. I'm not saying it makes sense to use a hardware key to access the internet on router level, I'm just saying it works.

openBSD is actually kinda common base for routers. Also why would I hide a router in some inaccessible corner?

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago)

You could use open time based codes