Nostr notes by William O'Connell

Never seen that, but I've never had a Sony phone so it could ...

2025-08-22T13:09:41Z

In reply to nevent1q…sfar
_________________________

Never seen that, but I've never had a Sony phone so it could be something with their version of the UI? My experience has been that the Google and Samsung software is pretty good and some of the other ones are a little screwy (though not without their own merits).

This is your first post I've ever seen on this platform, I ...

2025-07-02T19:05:12Z

In reply to nevent1q…4te4
_________________________

This is your first post I've ever seen on this platform, I have no idea what solutions you may have proposed aside from "passwords with no backup" which I don't think is workable for the vast majority of users. The main issue I took with your post was the implication that Google's authentication strategy comes from developers who "don't have a clue about the real world", which I don't think is true at all.

It seems like you're expecting a perfect solution that works ...

2025-07-02T18:56:07Z

In reply to nevent1q…w9k7
_________________________

It seems like you're expecting a perfect solution that works for 100% of people with no downsides, and you don't want it to cost any money to implement. I don't think I'm the one being unrealistic.

When I say biometrics what I mean is something like Amazon One ...

2025-07-02T18:44:08Z

In reply to nevent1q…mptm
_________________________

When I say biometrics what I mean is something like Amazon One where the hardware is public (in a library or a convenience store or something). So in this imagined scenario you wouldn't have to own anything, you'd scan your palm at the library computer and your email would automatically open. Obviously there are privacy concerns there, but it's the only thing I can think of that doesn't require you to remember anything or posses anything.

In the meantime if you know specific people who have this ...

2025-07-02T18:31:09Z

In reply to nevent1q…4zgw
_________________________

In the meantime if you know specific people who have this problem, I think Proton will give you free password-based email without needing a phone.

Companies don't care about anything, they're machines ...

2025-07-02T18:29:22Z

In reply to nevent1q…tt49
_________________________

Companies don't care about anything, they're machines that generate profit for their owners. Homeless Gmail users probably aren't that profitable. If there are services that homeless people need from Google, either the law needs to force Google to serve those users, or some other not-for-profit entity needs to be created to serve them. But I think an effective solution would have to be based on biometrics, which people have a lot of reservations about.

How would that help? A new passkey created for example.net ...

2025-07-02T18:27:20Z

In reply to nevent1q…n3vp
_________________________

How would that help? A new passkey created for example.net won't let an attacker access your account at example.com. I don't know how else to communicate this; passkeys are highly effective at preventing phishing. This has played out repeatedly in the real world. It's not theoretical.

I don't think users should be forced to use passkeys as their ...

2025-07-02T18:06:36Z

In reply to nevent1q…r3eg
_________________________

I don't think users should be forced to use passkeys as their only authentication method, to be clear. And I agree that Google, etc. could do more to help homeless/phone-less people use their services. But I think basically every organization could do more to help people in that situation? IMO it's more about incentives than "tech bros".

Web authentication for someone that has no possessions and can't remember their password (no one can) is a tough problem.

That's why passkeys are useful, they are immune to all of ...

2025-07-02T17:34:52Z

In reply to nevent1q…u899
_________________________

That's why passkeys are useful, they are immune to all of that. If your bank is example.com, example.net cannot compromise your account. Even if you're 100% convinced that example.net is your real bank, your passkey for example.com will not work there. This has been tested in the real world, it has stopped some very sophisticated phishing attempts.

https://blog.cloudflare.com/2022-07-sms-phishing-attacks/

I think the current design/implementation of passkeys pretty bad, ...

2025-07-01T22:45:38Z

In reply to nevent1q…nl8s
_________________________

I think the current design/implementation of passkeys pretty bad, but I also recognize that phishing is the #1 cyber threat facing most people so I'm generally supportive of movement away from passwords and towards phishing-resistant authentication. Am I a big tech bro?

This almost certainly isn't it but I'll mention just in ...

2025-06-26T22:38:54Z

In reply to nevent1q…d25g
_________________________

This almost certainly isn't it but I'll mention just in case: I had a computer that randomly started being very slow and it turned out the CPU fan had died so it was thermal throttling. Took me awhile to figure out because I don't think task manager has CPU temperatures (or didn't at that time anyway).

"The only cloud storage that doesn't track your ...

2025-05-07T20:58:36Z

In reply to nevent1q…caxd
_________________________

"The only cloud storage that doesn't track your activities and protects your privacy."

This seems like a really silly claim. Did they audit every other cloud storage provider in existence?

I don't know much about it, but the Unihertz Jelly Max is ...

2024-12-25T18:56:09Z

In reply to nevent1q…7yu3
_________________________

I don't know much about it, but the Unihertz Jelly Max is advertised as being very small if you haven't already seen it.

What does "CDNs excluded" mean? If you embed from ...

2024-12-09T20:03:49Z

In reply to nevent1q…peae
_________________________

What does "CDNs excluded" mean? If you embed from code.jquery.com does that count for what you're asking?