I don't think WebAuthn protects against cookie theft. WebAuthn better protects the login process. But if the result of the login process is still a session/auth cookie, that can be stolen like any other cookie.
dracs
joined 1 year ago
Software cracks leaving a calling card isn't unheard of. Companies before have been caught out before with names of cracking groups showing up in their files.
Edit: found the article I was thinking of. Turns out it was Microsoft themselves!
http://www.techpavan.com/2009/05/24/microsoft-deepz0ne-pirated-cracked-sound-forge-windows-xp-audio/
This was the tool I used. It worked great for me.
Signal doesn't encrypt notifications from what I understand. It uses Google/Apples notification system like everything else. But the notification only says "Hey, wake up!". Then the Signal app goes and retrieves the message from Signal's servers. That retrieval will be encrypted, but it's outside the push notification system at the point.
That's not entirely true. It's only very recently that browsers have started using a new system called Encrypted Client Hello which hides the domain of the request. Prior to this all requests needed too have the Host field unencrypted so the receiving server knows which certified to respond with. I imagine there's still quite a few servers which don't support the new setup still.
Set Immich up a couple weeks ago and I'm surprised how good it is. Their docs included a simple cli tool to bulk import all my Google photos. Mobile app is working great. I'm really impressed with the search too.
I saw someone say that Valve holds back a portion of the revenue to cover potential refunds. If that's true, I wonder if that's calculated dynamically as it sounds like this is a higher than normal refund rate.
This is what I do as well and it's been working great for me.