(removed my snarky comment about AI, was unnecessary)
Update: I re-read it. Seeems like the issue is that they found the content of the packets that were transported over TLS contained the TOTP seed in plain text.
Anyone tell me why this is worrying for the masses? Unless Google has promised to make this E2E encrypted.
They’re encrypted in transit, Google presumably encrypts everything at rest. So what’s the issue here? Practically every sensitive transaction on the web works this way.
Update: I re-read it. Seeems like the issue is that they found the content of the packets that were transported over TLS contained the TOTP seed in plain text.
Anyone tell me why this is worrying for the masses? Unless Google has promised to make this E2E encrypted.
They’re encrypted in transit, Google presumably encrypts everything at rest. So what’s the issue here? Practically every sensitive transaction on the web works this way.