Hacker News new | ask | show | jobs
by Shasnani 497 days ago
Would love to hear more from you on this — why do you feel self-custody is a concern? For context, we're using Privy (https://docs.privy.io/guide/security/), which encrypts (and never stores) the private keys, and users simply log in with email/phone etc. auth (so no need for key management).
1 comments
Joel_Mckay 497 days ago
Keep in mind any centralized authority is subject to disclosure laws like the patriot act.

i.e. people can jack your phone/sms line for around $23, or access any email server on US soil for free.

https://www.youtube.com/watch?v=wVyu7NB7W6Y

This is why 2FA is actually more dangerous in some situations.

link
Shasnani 497 days ago
We're planning on enabling passkeys! Agreed that phone 2FA is not ideal, just the current setup.
link
Joel_Mckay 497 days ago
Unless people are using a public key system like Kyber hardened gpg public keys its mostly security theater.

i.e. people may feel safe in the complexity, but are open to the same shenanigans of any unregulated exchange.

Children in Japan figured out magazine faces worked on cigarette machines too.

Have a nice day =)

link