Comment on Mozilla review of 25 car brands finds they're "a privacy nightmare"
brygphilomena@lemmy.world 9 months agoBecause banks don’t give out credit card details.
You created an authorization code which is independent from the credit card details. The authorization code doesn’t get revoked automatically when a card expires or a new card issues.
gravitas_deficiency@sh.itjust.works 9 months ago
Jesus tap dancing christ. I understand the difference between CC + CCV + expiry date and an oauth token (or whatever protocol they’re using for identification and authentication). I’m saying that not expiring auth codes when new cards are issued is a security and privacy issue. Users should ideally be given a switch to opt in to behavior like that. It should not be the default.