You presumably had a working 2fa app already, but off the cuff decide to switch to new unvetted variant X; basically unknown auth system after reading a few paragraphs of text in an afternoon?

Does this seem sound?

reply
Ente is extremely well known in the privacy circles, so this is not just some random company with a random app out of nowhere. Check PrivacyGuides for example.
reply
Ok I checked privacyguides.

Here’s where it was added to PrivacyGuides - https://github.com/privacyguides/privacyguides.org/issues/36.... The person opening the issue is the CEO of ente. So the CEO of ente gets his company mentioned in PrivacyGuides back when it was new and that makes it more legit?

reply
PrivacyGuides goes through their own process of vetting (whether you would agree with their process or not that’s another topic) so I think the discussion to add Ente Photos is the more relevant link https://discuss.privacyguides.net/t/ente-photo-management/11...
reply
While I would have the same reaction, in this case I think it is a sane decision. Ente is cornering the privacy market and I think they're doing a great job. They have a lot to lose (trust) and it would be stupid if they did something shady with the data entered in the 2FA app.
reply
Not knowing them, how could OP trust them instantly? Whether they really have that trust or not, you have to know them for a while and from many different trustable sources. The story is a bit strange.
reply
There are the issues of competence and track record, not only intent.
reply
> cornering the privacy market

this seems self-contradictory

reply
Sorry, English is not my first language and I tried to look clever.
reply
I ended up picking them because they were the only open source one that worked on all my devices IIRC.

https://en.wikipedia.org/wiki/Comparison_of_OTP_applications

reply
What's the risk?

They just store tokens; without other FA, at "worst" you get locked out of your account, but nobody else has access either. You're also supposed to, as good practice, not be limited to token generation and typically have a dozen or so recovery tokens. Also, if they were somewhat not working at doing the 1 task they should do, namely generate tokens, then you won't be able to use them so it won't even be added.

So... I might be missing something, can you please explain what worries you and why I should thus worry too?

reply
if it helps, I've used ente for a year and I really like it.
reply
Not saying they’re a paid promoter. But if I paid someone to speak about my newly launched product, they’d say something exactly like that. “Never heard of these guys before, but I loved their other product you’ve never heard of. I’m super excited to try this one!”
reply
This sounds like an ad.
reply
I am not a bot and I am not associated with this company in any way. But I am a happy user of Ente Auth as well. This AI thing they made however just gives off "we have to do something with AI or we'll be left behind" vibes.
reply
As do most of the associated comments. I think we're surrounded by bots.
reply
Yea, everything about this post is just weird. IDK if they are even bots vs paid actors vs actual people who are clueless etc.
reply
agreed. i have never seen anyone (let alone an assortment) of hacker news users saying "i switched my 2fa to this after seeing how great it was!" Not really sure how one 'switches their 2fa' to an LLM...
reply
This thread is about the 2FA app, not the LLM app. I don't care about the LLM app. What's this witch hunt? This app literally solved a (self-inflicted) problem I was having for some years now where I was keeping an old phone around just for MFA. I even thought about creating an iOS app that's compatible with Aegis files (actually I even _started_ working on that, but didn't get far) just to solve my problem. Now I don't have to, thanks to a comment here, and that's why I posted. Geez. I guess I'll stay with negative comments for the future, they seem to be more trustworthy.
reply
I'm not a bot. Check my comment history and account age.
reply
You sure were when you posted those comments, but now, we cannot be sure...

So you look down you see a tortoise. It's crawling towards you.

reply
I mean I get it, astroturfing is a real problem and an annoying one for communities. But I also have no idea how to prove to you that I am neither a bot nor shilling here.
reply
For sure. Getting shady vibes from ente. I’ll be avoiding them.
reply
I'm very happy syncing between KeepassXC on Debian and Keepass2Android on mobile. It handles TOTP across devices.

What I'm missing is a way to create and use Passkeys across devices. My use case does not support creating a new Passkey on every device, I need to sync them via servers I control. The system that supports that will be the system that I migrate to.

reply
Oh, wow, thanks for posting that. I switched to Ente for my photos recently, had no idea they also have a 2FA app. I was looking for a replacement for Aegis (after a switch to iOS), and this can even import from Aegis backup files. Neat. This means I can finally ditch my old phone I still had to have around just for 2FA :)
reply
I was just thinking their end goal seems to be to harvest creds by putting their own rebadged distribution of local models. That’s the only “business” model that makes sense.

Expressly harvesting creds through a 2FA app seems a little more direct.

reply
Ente offers E2EE photo hosting, the storage they sell through subscriptions to that is their business model. Their main selling point is that all machine learning to cluster faces is done on your devices. I would assume that they want more users to train their models on to improve their core offering
reply
And you can self-host the server if you want to! I've been running Ente Auth for quite a while now and am very happy with it.
reply