Google Authenticator still syncs two-factor authentication secrets without E2EE. If you enable cloud syncing, this means:
1️⃣ Google can read the secrets and generate one-time passwords for your accounts
2️⃣ Google knows the services you use
3️⃣ #Google knows your usernames
4️⃣ Given a court order, Google is obliged to hand over this data to law enforcement
#Privacy #privacymatters #CyberSecurity #infosec
https://defcon.social/@mysk/110262313275622023
@PC_Fluesterer @mysk I'm with you here. I tried to explain this to our HR department that there exist people who want to and can live without #Google. Got weird responses.
@PC_Fluesterer @mysk Basically: "There are no such people. Not in the business world."
But I am a people (should have been my response)
@dbread @mysk Could you cite the best of them? Many thanks! 😀