this post was submitted on 29 Aug 2023
83 points (95.6% liked)

Open Source

31375 readers
124 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Hey y'all!

I've been using Authy for some time now (switched from Google Authenticator) but an increasing amount of people is suggesting Aegis over Authy in some posts here at Lemmy and that got me curious.

Was wondering what would be the main selling points for one to use Aegis instead of Authy, can somebody help out?

Thanks in advance!

you are viewing a single comment's thread
view the rest of the comments
[–] ultra@kbin.social 71 points 1 year ago* (last edited 1 year ago) (2 children)

This is an easy one.

The entire privacy policy of Aegis:

Aegis Authenticator does not collect any data from your device.

  • Camera access is only used for scanning QR codes.

If you believe this policy has been violated, please let us know.

Relevant parts of Authy's privacy policy:

We use that phone number to identify you, to provide you 2FA services, and to maintain logs for security and anti-fraud purposes.

We may also send notices about Twilio products or events to you, but you may click on the unsubscribe link that will appear at the bottom of any of our marketing emails or you can contact customer support to opt out.

Device Information. When you download and open the Authy desktop or mobile app, we automatically collect information about the type of device you have downloaded the app on and your device identifier.

Login History and Authy Account History. When you use an Authy token to log into an account, whether the token was generated on the app or one sent to you via your phone number, we collect and keep information associated with your login activity including information like your IP address, what application you logged in to, that you logged in, and when. If you change your phone number or email associated with your Authy account, we will also keep a log of that.

Geolocation information. If you have location services turned on, we collect your location based on your IP address.

How we share personal data. In general, Authy shares personal data in the same way Twilio does (see How Twilio shares personal data for more).

From "How Twilio shares personal data": However, we do need to share it in some circumstances. These may be to provide you services (e.g., to route a call or send an email), or when necessary for our suppliers to provide services to us, or for another reason listed here, or share personal data for cross-context behavioral advertising.

However, Authy users should be aware that an application that integrates with the Authy 2-Factor API can access your phone number, email address, and user name. It will also be able to access your primary device type and information associated with your login activity to that application. It may also retain this information on its own servers. We may also share other information related to your account with that application to help them and us detect suspicious or fraudulent activity on your account.

[–] MXX53@programming.dev 12 points 1 year ago

This might be the strongest argument I have seen. Thank you!

[–] Kelho@lemmy.ml 2 points 1 year ago

Thanks, that ToS from Authy regarding personal data is scary