Privacy

31255 readers

1189 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[Youtube video]: Is it really that easy to hack someone's Discord? Is it the same with: Telegram, Twitter, facebook ...ect ? and does this work if I'm accessing Discord through Firefox ? (www.youtube.com)

submitted 3 weeks ago* (last edited 3 weeks ago) by zaknenou@lemmy.dbzer0.com to c/privacy@lemmy.ml

37 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] ReversalHatchery@beehaw.org 3 points 3 weeks ago (1 children)

Does this rely on the user typing in their password, or does somehow even the browser fall for it and autofill it?

Because in that case, to respond to OP: Firefox is not vulnerable to this, but most users themselves are. Using a password manager like Bitwarden would help, because if you add the website's real URL to your password entey (happens automatically for the current URL at password entry creation), bitwarden will simply just not show your password entry when the URL does not match.

Also, install uBlock Origin and turn on it's phising blocklists in the settings. It can be helpful.

[–] Godort@lemm.ee 1 points 3 weeks ago

An attack using this tool does require that the user actually logs in, but because they're just acting as a proxy for the real login page, the only way you'd spot the difference is if the URL doesn't match (or that your password manager doesn't auto-fill)

However, it's pretty easy to see that someone would be fooled by that as you'd expect to need to confirm your identity when adding a gift card to your steam account.