this post was submitted on 01 Oct 2024
209 points (99.5% liked)

Privacy

31431 readers
877 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
209
Meta fined $101 million by Ireland for storing hundreds of millions of passwords in plaintext (therecord.media)
submitted 2 days ago by sqgl@beehaw.org to c/privacy@lemmy.ml
33 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] cron@feddit.org 5 points 2 days ago* (last edited 2 days ago)

Just one open source example ... freeradius has an option to log passwords:

log {
    destination = files
    auth = no
    auth_badpass = no
    auth_goodpass = no
}

Or another example: The apache web server has a module that dumps all POST data, with passwords, in plain text:

mod_dumpio allows for the logging of all input received by Apache and/or all output sent by Apache to be logged (dumped) to the error.log file. The data logging is done right after SSL decoding (for input) and right before SSL encoding (for output). As can be expected, this can produce extreme volumes of data, and should only be used when debugging problems.

I don't agree that this is "absolutely malice", it could also be stupidity and forgetfulness.