True. But most good stuff isn’t a solution for everyone. It takes real effort to escape vendor-lockin. Bigtech made sure of that.

If something is too simple to set up or requires no set up, or comes from a for-profit company, but doesn’t cost anything, then it always suspicious.

I am just saying that the issue is not with passkey itself, but the individual implementations and that google/twitter/etc. is pushed towards regular users.

Critiquing passkey because vendor-lockin is like critiquing HTML for allowing ads.

True. But I would say that this isn’t an issue intrinsic with passkey. Many people don’t have time/energy or the attitude to think critically about technology and are herded towards Google/X-corp/etc with offers of convenience and because they are often the only offered choice on the web sites. But from the POV of passkey they just act as a password manager.

I use them with bitwarden and a self hosted vaultwarden. If my phone breaks, no issue. If my server breaks, I got local backups… Keys are stored encrypted in a postgres database for which I have access, if I need to restore it. No lock-in issue or risk of loosing access when one or two devices break.

A better, well defined API for password managers to insert login information to the site compared to text boxes.

I self host vaultwarden, and use bitwarden clients everywhere. Passkeys are stored there

Passkeys to me, are a better way to insert login information. Some developers don’t think of passwords getting automatically filled in, so this autofill sometimes breaks. Passkeys might be a improved interface to integrate password managers. Also, sometimes 2FA keys from my bitwarden client gets copied into the clipboard, which sometimes overwrites the stuff I wanted to preserve in there. This does not happen with passkeys.

I store the passkeys in my self hosted vaultwarden, they are a good replacement for auto inserting random passwords via text boxes.

You can? At least I do that. I host vaultwarden myself and store the passkeys there.

Passkeys to me are just a better way to autofill in login data.

I echo the criticism of the term ‘sideloading’, before it started to mean just installing software, I assumed it meant using a separate device or software on the side, like a PC with a debug interface or memory inspection tools, to inject custom code into a running system or software.

Similarly to preloading libraries into games or other software to replace functions in order to change or enhance the game or software. For instance used with script extenders or game mods. There it is ‘pre’ because the software is not running yet. ‘Side’ would be on running software.

But installing applications (the distribution doesn’t matter) is in no way side loading.

And I really hate that the press or whoever picked this term up from apple or google and ran with it without question.

And now, because that term is so strange and useless in that way, its definition keeps getting changed into whatever the industry needs in order to squeeze out more money and personal data, while taking away the freedom and rights of the owners.

Apart from questionable quality of the result, a big issue to me about LLMs is the way it substitutes human interaction with other humans. Which is one of the most fundamental way humans learn, innovate and express themselves.

No technological innovation replaced human interaction with a facsimile, that way before.

If it would run a open source firmware or be open source hardware, it would be nice. But they are using a non-OSI/non-FSF license, so it is not open source.