Comment on Women’s ‘red flag’ app Tea is a privacy nightmare

NeilBru@lemmy.world ⁨6⁩ ⁨days⁩ ago

Encrypting the transmission doesn’t do much if every app installation contains access credentials that can be extracted or sniffed.

Encrypt the credentials then? Or an OAuth pipeline, perhaps? Automated temporary private key generation for each upload (that sounds unrealistic, to be fair)? Can credentialing be used for intermediary storage that’s encrypted at that server and then decrypted on the database host?

Clearly my utter “noobishness” is showing, but at least it’s triggering a slight urge to casually peruse modern WebSec production workflows. I am but a humble DNNs-for-parametric-CAD-modelling (lots of Linear Algebra, PyTorch, and Grasshopper for Rhino) researcher. I am far removed from customer-facing production environments, and it shows.

Any recommendations on literature or articles on how engineers solve these problems in a “best practices” way that you can recommend? I suppose I could just look it up, but I thought I’d ask.
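As an added illustration, not part of the thread or of any participant's reply, here is the pattern behind the "temporary credential per upload" idea the comment floats (and conceptually what cloud object stores call a pre-signed upload URL): the only long-lived secret stays on the issuing server, the app ships no credential at all, and each upload gets a short-lived, single-use token bound to one user and one object key. Every name and parameter below (`mint_upload_token`, `verify_upload_token`, the 300-second TTL, the claim layout) is an assumption chosen for the example, not something the Tea app or Lemmy thread describes.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# The only long-lived secret. It lives on the token-issuing server and is never
# compiled into the mobile app, so there is nothing to extract from an install.
SERVER_SECRET = secrets.token_bytes(32)


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_upload_token(user_id: str, object_key: str, ttl_seconds: int = 300, now=None) -> str:
    """Server side: after authenticating the user, issue a token that permits
    exactly one upload of `object_key` and expires after `ttl_seconds`."""
    now = time.time() if now is None else now
    claims = {
        "sub": user_id,          # who may upload
        "key": object_key,       # the single object path this token is good for
        "exp": int(now + ttl_seconds),
        "nonce": secrets.token_hex(8),  # lets the server reject replays
    }
    payload = _b64url(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_upload_token(token: str, object_key: str, now=None):
    """Storage/API side: return the claims if the token is authentic, unexpired
    and bound to this object key; otherwise return None."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so a forger learns nothing from timing.
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(_b64url_decode(payload))
    now = time.time() if now is None else now
    if claims.get("exp", 0) < now:
        return None           # a sniffed token is only useful for a few minutes
    if claims.get("key") != object_key:
        return None           # cannot be redirected at someone else's object
    return claims


def consume_upload_token(token: str, object_key: str, used_nonces: set, now=None):
    """Single-use enforcement: a valid token is accepted once, then its nonce is
    remembered (in a real deployment, in a store with TTL >= the token lifetime)."""
    claims = verify_upload_token(token, object_key, now=now)
    if claims is None or claims["nonce"] in used_nonces:
        return None
    used_nonces.add(claims["nonce"])
    return claims


if __name__ == "__main__":
    # Constructed walk-through: the app asks for a token, then uploads once.
    tok = mint_upload_token("user-42", "uploads/user-42/selfie.jpg")
    seen = set()
    print("first upload accepted:", consume_upload_token(tok, "uploads/user-42/selfie.jpg", seen) is not None)
    print("replay accepted:", consume_upload_token(tok, "uploads/user-42/selfie.jpg", seen) is not None)
```

The point the example makes relative to the parent comment: encrypting the transport protects the token in flight, but even a token that leaks is worth little, because it is bound to one object, expires in minutes and is accepted once. The app never holds anything that unlocks the whole bucket, which is the property a static embedded credential cannot provide.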
