I don't mean that they don't encrypt the data at rest. I mean that even if they do, they have the access to the key to decrypt it and have access to my plaintext passwords at any point.
I don't like it.
@alxd Seems fishy. They might be hashing them and then sending that hash off somewhere?
Not a good idea regardless.
@alxd I got this too, had the same thought... but it’s their cloud password manager, they have to have them available as plaintext one way or another, no?
@tynanpants if they want to make them readable in the web interface, yes. If they would be decrypted only on client, it'd be a different story.
@alxd Oh gosh, I hadn't even thought about sending the passwords over the wire. Wonder how they do it. Seems important! Haha
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!