| ▲ | ptx 2 days ago | |
Those are some pretty flimsy safeguards. I don't keep my secrets in system directories and using HTTPS doesn't mean the site isn't malicious. | ||
| ▲ | Ajedi32 2 days ago | parent [-] | |
> I don't keep my secrets in system directories Root of the home directory is also excluded. But obviously yeah, nothing's going to prevent you from giving a website access to your .ssh directory if you explicitly select it. Personally I don't have a problem with that. The ability to upload files has been a thing on the web for forever and I don't think there's ever been anything that stopped users from uploading their private key. Possibly some users have gotten phished that way, but at a certain point you have to accept responsibility for your own actions, otherwise you start ceding control of your life to a corporate nanny state. | ||