649
Fuck Github, Microsoft has made it impossible to create an account without linking to hardware or phones (lemmy.ml)
submitted 2 months ago* (last edited 2 months ago) by someone@lemmy.today to c/privacy@lemmy.ml
114 comments fedilink hide all child comments

Github has made it impossible to create an account when using a VPN and a privacy browser with fully spoofed hardware identifiers. (Use Firefox or Firefox-based Privacy Browser, VPN, install Canvasblocker to test this.) I create an account with Google or Apple (both requiring hardware identifiers and numbers and birthdates) or I can use an email. When I use an email, it comes back with this horrible test, and even if I do it completely correctly, it tells me after I didn't do the test right, gaslighting me with a picture of what I chose (which I didn't choose) and showing me the correct picture (which I did choose and it claims I didn't select).

It's fucking bullshit and it's more corporate control of open source software. For people who have their discussion or issue tracker, I can't even participate without hardware identifiers likely linked to me some other way and phone numbers. It's fucking bullshit. If anyone from Microsoft is reading this, FUCK YOU!!!!!!!!!!

I am so tired of this bullshit. I just want to post an issue about a piece of software. You don't need my fingerprint, hardware or personal, or biometric shit. This is a slippery slope. Fuck them.

I really hope more developers just get the fuck off Github. Honestly, if you are developing privacy-oriented software and using github, there's a mistmatch and it's bullshit, and I know it's time consuming and annoying to move, but please do. This is fucking bullshit and it's not like it's going to become LESS annoying over time. FUCK THIS.

you are viewing a single comment's thread
view the rest of the comments
[-] ricecake@sh.itjust.works 1 points 2 months ago

I'm not seeing anything that's not a great look about requiring strong authentication for access to sensitive portions of a users account. What you're saying is akin to calling it a bad look that they force users to use complex passwords against user wishes.

I'm not sure what "trust me bro, my cloud is safe" has to do with anything. Passkeys live on your device. There are ways of facilitating device to device migrations of the keys if you want. You don't need to use them to use passkeys. And at least on Android you don't need to even use Google to manage the keys.

Most semiconductors are closed source. The processor, ram, and radio are also more than likely closed. The software interfaces to all of them have open specification and implementation. There's like, six for Linux. Microsoft open sourced theirs.
Tpms are not security through obscurity. They are obscure, but that's not a critical component to their security model.

What they do isn't really what "collecting biometrics" implies. They're storing key points in a hashed fashion that allows similarities to be compared. Even if it wasn't encrypted in a non-exportable way you still can't do anything with it beyond checking for a similarity score.

You've done a good job explaining what I said previously: there's sometimes a disjoint between privacy and security concern, and so sometimes people don't understand something about security.

[-] ell1e@leminal.space 0 points 2 months ago* (last edited 2 months ago)
[-] ricecake@sh.itjust.works 1 points 2 months ago

Just so you know, from looking at the wall of text you pasted by proxy: those are arguments against the notion that a tpm can make the device itself secure, not that it is untrustworthy for the notion of signing and storing encrypted data.

Next time, make your point and provide references (or not), rather than just link bombing.

[-] ell1e@leminal.space 1 points 2 months ago

I provide whatever I think is useful for the discussion.

[-] ricecake@sh.itjust.works 1 points 2 months ago

And I'm just letting you know that link bombing isn't, and it's actually a discussion if you explain your point rather than dropping someone else's novel.
If for no other reason than because you don't have to dig for what part of what was posted is related to what they were saying, and you can much faster say "ah, you're talking about something totally different than I am".

[-] ell1e@leminal.space 1 points 2 months ago* (last edited 2 months ago)

I don't think you're making a relevant point, but I'm not interested in continuing. Sorry for the terseness, I just don't want to drag this on.

[-] ricecake@sh.itjust.works 1 points 2 months ago

Nah, it's cool. We're clearly talking at cross purposes. Have a good one.

this post was submitted on 28 Feb 2026
649 points (95.9% liked)

Privacy

48758 readers
461 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz