Hacker News
by pwnna 4078 days ago
Unlike Persona, Hoomi will be able to know which application the user logs into, and for how long, correct? From what I've seen so far, it seems like the user and/or the application will have to make requests to Hoomi's servers.

Does this mean that Hoomi will become essentially a single point of failure: if Hoomi's servers get compromised, the malicious agent will be able to collect the user's identities and activities? Especially if a lot of apps implement Hoomi, then it may even be possible for the malicious agent to profile the user's entire digital life by tracking them everywhere.

This is what Persona aimed to prevent: it delegates the responsibility of identifying users to a third party, and multiple such third parties can exist. Also, as far as I remember from when I used it, it also is designed to ensure that the authenticator has no knowledge of what the user is up to.