• glans [it/its]@hexbear.net
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    @PaX & @EatPotatoes I tried neonmodem. Was eventually able to login to hexbear.

    username and password stored plain text wtf

    • who needs spyware with such abysmal security?
    • you are much better off with a web browser
    • no mention of this in the installer, the --help, the readme, the application
    • I only found it because I was trying to troubleshoot another bug so I looked in the config file
    • PR open since June 2023; no work since July
    • another PR by different user attempting to solve the same problem but it was closed due to existing (still today unmerged) PR
    • The devs are aware since many months. Have not even bothered in any way to alert users.
    • Lack of notice demonstrates total lack of concern for users which I’m sure is manifested in lots of other ways

    Lots of people share computers, they have unencrypted hdds, they have auto cloud backup etc. Hopefully no need to describe all reasons why plain text credential storage is Bad.

    Like the advice to prefer clients over web, this project in its current state is plain irresponsible.

    Clear from the github/website that this is intended primarily to adhere to devs’ aesthetic tastes and nothing more.