Hello @dvd4fun,As far as Netflix is concerned, it's only a streaming service.
But Amazon... They use the same creds for shopping and vids.
What can you guys say to confort me. Am I sharing my Amazon creds with Redfox?
Sorry for asking, but I don't understand what this will achieve.I recommend logging out in Anystream first before you activate it in Amazon.
After its active, log in again.
Even if somebody gets your Amz login credentials, he/she would also need to get access to your 2nd authentication factor (be that an app on your smartphone or a one-time-code sent to your email address) to execute any critical actions like payments and such.Sorry for asking, but I don't understand what this will achieve.
Two factor makes it difficult to get someone's account when the credentials are known but it is not at all impossible. Sometimes the platforms themselves are the weak point through unintended bugs or their support getting socially engineered.Even if somebody gets your Amz login credentials, he/she would also need to get access to your 2nd authentication factor (be that an app on your smartphone or a one-time-code sent to your email address) to execute any critical actions like payments and such.
I know exactly what 2FA is, I just didn't see what "I recommend logging out in Anystream first before you activate it in Amazon. After its active, log in again." had to do with it.Even if somebody gets your Amz login credentials, he/she would also need to get access to your 2nd authentication factor (be that an app on your smartphone or a one-time-code sent to your email address) to execute any critical actions like payments and such.
That was not the point. Any service provider is vulnerable to attacks or plain human nature.Two factor makes it difficult to get someone's account when the credentials are known but it is not at all impossible. Sometimes the platforms themselves are the weak point through unintended bugs or their support getting socially engineered.
The takeaway is always guard all of it as best you can. But again, Redfox is not the one here to worry about. Amazon is mining data almost as much as Google.
I know it wasn't but I was replying to cartman0208 in that particular case.That was not the point. Any service provider is vulnerable to attacks or plain human nature.
"The takeaway is always guard all of it as best you can."
Exactly, introducing a MIM such as AS wouldn't qualify as best practice. And as I started with. Getting my Netflix account compromised. meh.
Getting my Amazon account compromised is a bit more worrisome. Best mitigation would be if Amazon was not such a dick and allow separate creds. Also as already mentioned here. 2FA is a fair mitigation.
I stand corrected, AS act as a client and doesn't intercept anything you are right. I just hope AS use good cryptography measures to protect the creds.I know it wasn't but I was replying to cartman0208 in that particular case.
AS is not a main in the middle in my view. It's no different than you accessing Amazon from your browser because technically speaking (to my understanding) that's all it is doing. It just scrapes the URL for the download and gives you a button to press.
I recommended it because I noticed for me that in the past when I activated 2FA,Sorry for asking, but I don't understand what this will achieve.
I don't think AS saves any credentials. The browser they use for Amazon is some slimmed down version of chromium. The others I don't know but they probably all work like any other browser where once you authenticate you get a cookie or session key to auto authenticate next time. So while I am no developer I doubt there are any credentials being saved beyond what happens with any other browser. And in either case that is being stored on your PC. Again, no different than any other browser you might use.I stand corrected, AS act as a client and doesn't intercept anything you are right. I just hope AS use good cryptography measures to protect the creds.
My memory is Goldfish like these days. But I kind of remember they store the creds in the registry.I don't think AS saves any credentials. The browser they use for Amazon is some slimmed down version of chromium. The others I don't know but they probably all work like any other browser where once you authenticate you get a cookie or session key to auto authenticate next time. So while I am no developer I doubt there are any credentials being saved beyond what happens with any other browser. And in either case that is being stored on your PC. Again, no different than any other browser you might use.
I have never heard that. It really would not make sense for that to be the case given how authentication works most of the time with online platforms. Ultimately there is just no need for it. When you log into Netflix, Amazon or whomever you are using that actual site and that is where the auth happens and where you get a token or a session key. AS I don't believe is providing it, it is just as vehicle for it like any other browser in my summation.My memory is Goldfish like these days. But I kind of remember they store the creds in the registry.
Some more technical info to clarify how this works:As far as Netflix is concerned, it's only a streaming service.
But Amazon... They use the same creds for shopping and vids.
What can you guys say to confort me. Am I sharing my Amazon creds with Redfox?
I like that! Thank you so much for taking the time to explain this.Some more technical info to clarify how this works:
Your actual credentials are stored absolutely nowhere.
All that is stored, are session cookies and similar information pertaining to the login session you created, when logging in.
In case of Amazon, AnyStream provides a browser through which you log in. When the login was successful, a session cookie is created (well, a bit more than that, but in principle, that's it) and the browser stores that session information on your local HDD. From then on, AnyStream only needs this session, it doesn't require your credentials, ever.
So... your credentials are never stored, they are only ever shared between you and Amazon. AnyStream's browser "forgets" them, the second you logged in.
I found where I've read they were stored in the registry It was in one of you previous posts.Some information to authenticate AS to a provider has to be saved somewhere ... and that is done encryptedin your registryon your computer...
Yes, AnyStream has to cache your credentials in order to not have you log in every time you start the application.
BUT the credentials are saved on your computer in the Registry:
If you empty the Data-field there, you will have to log in again.Code:Computer\HKEY_CURRENT_USER\Software\RedFox\AnyStream\Media\prime
From what I gathered Redfox has no interest in gathering your credentials and I never saw an indication that they did.
Of course the above test does not mean your credentials could not have been copied elsewhere ... but without a bit of trust ... why do you even use the internet?