Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regarding the last criterion on the MFA tools page #2608

Closed
2 tasks done
redoomed1 opened this issue Jun 2, 2024 · 2 comments · Fixed by #2618
Closed
2 tasks done

Regarding the last criterion on the MFA tools page #2608

redoomed1 opened this issue Jun 2, 2024 · 2 comments · Fixed by #2618
Labels
t:correction content corrections or errors

Comments

@redoomed1
Copy link
Member

Affected page

https://www.privacyguides.org/en/multi-factor-authentication/#criteria

Description

Another person on the PG Matrix pointed this out:

i just read https://www.privacyguides.org/en/multi-factor-authentication/ and it seems like Ente is not fit for the criteria?

 Auth provides end-to-end encrypted cloud backups so that you don't have to worry about losing your tokens.
 We use the same protocols Ente Photos uses to encrypt and preserve your data.

did this change recently?

not even optional is allowed, as per criteria

 Must not sync to a third-party cloud sync/backup service.

 Optional E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud.

their service is third party (that's why it needs a login)

Sources

Before submitting

  • I am reporting something that is verifiably incorrect, not a suggestion or opinion.
  • I agree to the Community Code of Conduct.
@redoomed1 redoomed1 added the t:correction content corrections or errors label Jun 2, 2024
@rollsicecream
Copy link
Contributor

rollsicecream commented Jun 3, 2024
edited
Loading

The main word here in this criteria is : third-party

So, I think in the case of Ente Auth, it's totally okay since they use their own sync solution. I also think that criteria meant to say that 2FA apps shouldn't use 3rd party services like Google Drive, OneDrive and other services.

I'm not well familiar with Ente Auth, when they say that :

Auth provides end-to-end encrypted cloud backups so that you don't have to worry about losing your tokens.
We use the same protocols Ente Photos uses to encrypt and preserve your data.

They use iCloud (or another service), right?

I could have been wrong though.

@redoomed1
Copy link
Member Author

They use iCloud [...] right?

No, according to the second link listed above in the "Sources" section, Ente uses their own implementation. Moreover, a member of the Ente org states in the following comment that they do not have plans to support iCloud sync: ente-io/ente#182 (comment).

Anyway, I opened this issue because the person from the PG Matrix makes a good point and this criterion should probably be updated. I'll open a pull request to address this.

@redoomed1 redoomed1 mentioned this issue Jun 17, 2024
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
t:correction content corrections or errors
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Update last criterion on MFA tools page
2 participants
@rollsicecream @redoomed1