3 votes

Topic deleted by author

11 comments

  1. [3]
    Adys
    Link
    I don't remember a 'keep me logged in' checkbox when I first logged into Tildes.

    There is one.

    Why aren't Tildes users given an option?

    They are.

    Why isn't this disclosed to the non-technical user?

    It is.

    Is this safe when we consider privacy and security?

    It is.

    Are there other considerations that an everyday user should think about?

    What do you mean, considerations? Like "don't stay logged in on a public computer"?

    15 votes
    1. [3]
      Comment deleted by author
      Link Parent
      1. [2]
        unknown user
        Link Parent
        Tildes embraces an empathetic take on interaction on the internet. So while this is true, your comment (and actually in my view, the parent comment) is worded too brashly. This might deter others, even if their questions are potentially naive or easily discoverable, from wanting to ask in the future—a form of chilling effect that should be discouraged.

        It's helpful to teach people how to learn for themselves, but this style of comment does nothing to improve the situation.

        6 votes
        1. Adys
          Link Parent
          So while this is true, your comment (and actually in my view, the parent comment) is worded too brashly.

          I did intend to word it somewhat brashly because, in my view, the original post is actually fairly passive-aggressive.
          Let's live in the world where Tildes didn't have a "remember me" checkbox and did this by default for a second: I'd much rather see a "Hey, would it be a good idea to add a 'remember me' checkbox?" than the way this post raises the issue.

          I had more to say about this but deleted it because I don't want to make @suspended feel like I'm trying to bully them. Live and learn, best move past it.

          5 votes
  2. [8]
    skybrian
    Link
    It might be good to think about scenarios where this could be a problem.

    Using someone else's computer to log into Tildes

    (For example, at a hotel or library, or at someone else's house.)

    This is always a bit risky since you're trusting someone else's computer security.

    Using shared computers is much less common than it used to be due to cell phones. A workaround would be to use incognito mode (or equivalent), or remembering to log out, or just taking a break from Tildes. (It's okay, we'll still be here later.)

    Snooping by family, roommates, guests

    If this is a potential problem, locking your screen whenever you leave your computer is the first line of defense. Phones have fingerprint sensors, and so on. As a backup, banks will automatically log you out and refresh the screen after a pretty short timeout, to make this less likely. Tildes isn't a bank, but this could be useful for some users.

    What are some other scenarios?

    4 votes
    1. [8]
      Comment deleted by author
      Link Parent
      1. [7]
        Death
        Link Parent
        Some sites do this; it's essentially a convenience vs. security trade-off. That being said, if the site is sensitive it is probably not unreasonable to trust that its users are careful with their logins.

        4 votes
        1. [7]
          Comment deleted by author
          Link Parent
          1. [2]
            skybrian
            Link Parent
            Yeah, but the question is how sensitive is a Tildes account? And I think that depends on the person.

            I consider my Tildes account to be relatively low-risk because I don't post anything I want to keep private. It's easy to get from my Tildes username to my real name, so I'm already somewhat cautious. If some troll posts as me, it may be embarrassing since I like to think I'm reasonably good at computer security, but it's probably not the end of the world. I could verify my identity to Deimos from another account and he could let me back in. Also, my house and phone seem secure enough, and so I think staying logged in all the time is a nice convenience that's worth the risk. (On the other hand, if it went away I'd just save my Tildes password in my browser, and it amounts to almost the same thing.)

            But of course other people have different risk profiles. For pseudonymous users the risk profile can be entirely different. A classic example is someone who is gay and not out, and talks about it here. Any way of linking their account to them (including shoulder surfing) could be pretty bad.

            One way to solve this would be to ask people something about their risk profile when they sign up. Although it's easy to understand what "keep me logged in" does, people may not think through the consequences. It may be better to talk about the risk more directly.

            This is just off the top of my head, but suppose that when you sign up, you get a checkbox like:

            [ ] Use extra-secure defaults (recommended for posting sensitive info using a pseudonym).

            And then by default, the "keep me signed in" option gets hidden away in settings, and maybe other stuff gets locked down too?

            Maybe that particular idea isn't a good one, but could it be improved? It seems like this is less about the security features themselves and more about the UI issues of helping busy or distracted people make good choices about whether to use them.

            3 votes
            1. [2]
              Comment deleted by author
              Link Parent
              1. skybrian
                Link Parent
                Yeah, what you describe would basically be a speedbump to prevent thoughtless use.

                (And if you think that's bad, you might want to search for how to turn on developer mode on an Android phone. It's not hard, but the UI is designed so you will never find it without reading the directions on how to do it.)

                But I was describing something slightly different, where you ask the user when they register what sort of privacy they're interested in when using Tildes and pick defaults based on that.

                1 vote
          2. [4]
            Death
            Link Parent
            There are arguments for and against this, because it very much depends on a multitude of factors. Part of the reason "keep me logged in" exists as a convenience is because people find constantly logging in annoying. Not offering it could lead to them coming up with worse solutions like noting the password in a close location for ease of access or simply never quitting the site in order to stay logged in. And if we're working on the assumption that you might have uninformed or complacent users then this is a definite possibility. Convenience vs. Security isn't a problem exclusive to the developer side of things.

            Keeping a login through cookies can be more secure for administrators because cookies and/or sessions can be revoked, either manually or on a scheduled basis. It can also help detect potential unauthorized logins by supposing that users will prefer using logged in devices and so every new login can be treated with suspicion. Twitter, Google and Facebook, for example, do this to some extent.

            Protonmail's web interface is an example of a site that doesn't have a "keep me logged in" function on the login page and deletes sessions as soon as the tab/window closes. But Protonmail's userbase is likely a very specific kind of user who understands the potential risks of not doing so. I'm not sure this would actually increase security for the average uninformed or complacent user.

            3 votes
            1. [4]
              Comment deleted by author
              Link Parent
              1. [3]
                cfabbro
                (edited)
                Link Parent
                You can still be security/privacy focused and offer "keep me logged in" type options so as not to annoy the shit out of your users by constantly forcing them to re-login every single time; just have the session expire after a reasonable amount of time and have multi-layer account security.

                A good example of this is LastPass, which has a "trust this device" option that requires 2FA and can only be set to last 30 days max. And even when logged in on a "trusted device", when a user attempts to view a password in plaintext or edit any passwords they still have to reenter their master password for the first time they attempt to do so, after which they can then set how long they want before LastPass will re-prompt them for the master password again (up to 24hrs max). IMO that sort of setup is the perfect mix between user convenience and security.

                2 votes
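As an added example (not code from this thread or from Tildes), a minimal server-side store that implements the pattern Death and cfabbro describe above: a "keep me logged in" token that can be revoked manually or expires on schedule, a flag for logins from never-seen devices, a second-factor requirement before a device is trusted, and a re-prompt before sensitive actions. The 30-day and 24-hour caps are the LastPass numbers quoted in cfabbro's comment; the class, its method names and the rest of the policy are assumptions of this example.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass
# Caps taken from the thread's LastPass description: a trusted device lasts at
# most 30 days and the re-prompt window for sensitive actions is at most 24h.
TRUST_MAX_SECONDS = 30 * 24 * 3600
REPROMPT_MAX_SECONDS = 24 * 3600

@dataclass
class Session:
    user: str
    device_id: str
    created: float
    last_reauth: float = 0.0  # time the password was last re-entered (0 = never)

class SessionStore:
    def __init__(self, secret: bytes):
        self._secret = secret
        self._sessions = {}   # HMAC(token) -> Session
        self._devices = {}    # user -> set of device ids already seen

    def _key(self, token):  # only a keyed hash is stored, so a copied table is useless
        return hmac.new(self._secret, token.encode(), hashlib.sha256).hexdigest()

    def login(self, user, device_id, now, second_factor_ok):
        # The returned flag marks a device never seen for this user (alert-worthy).
        if not second_factor_ok:
            raise PermissionError("trusting a device requires the second factor")
        seen = self._devices.setdefault(user, set())
        is_new_device = device_id not in seen
        seen.add(device_id)
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = Session(user, device_id, now)
        return token, is_new_device

    def resolve(self, token, now):
        # Map a cookie back to a session; expired tokens are purged on sight.
        key = self._key(token)
        session = self._sessions.get(key)
        if session is not None and now - session.created > TRUST_MAX_SECONDS:
            del self._sessions[key]      # the scheduled revocation
            session = None
        return session

    def revoke_all(self, user):  # manual revocation of every token the user holds
        self._sessions = {k: s for k, s in self._sessions.items() if s.user != user}

    def needs_reprompt(self, session, now, window):  # step-up before sensitive actions
        limit = min(window, REPROMPT_MAX_SECONDS)    # user's choice, capped at 24h
        return now - session.last_reauth > limit
```

The token itself only ever lives in the user's cookie; the server keeps a keyed hash, so revoking or expiring an entry is enough to invalidate the cookie everywhere.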
                1. [3]
                  Comment deleted by author
                  Link Parent
                  1. [2]
                    cfabbro
                    Link Parent
                    hopefully, you or someone else can remind me.

                    You could always open up your gitlab and I can add an issue for it now so neither of us forgets. ;)

                    1 vote