Hacker News: JulianK's comments

The idea behind private keys is that they are private and never sent anywhere so I believe your assertion that the server knows anything about your private key is incorrect.

Here's a link to Yubico with a visual diagram of how passkeys work: https://developers.yubico.com/Passkeys/How_passkeys_work.htm...

But fundamentally it's very similar to how all public/private stuff works. You send people the public key and sign stuff with the private key.


You may want to dig into the documentation a bit more.

First, ask yourself a simple question: How can a Yubikey store an unlimited number of FIDO2/U2F credentials? The official Yubikey documentation literally claims that Yubikeys can do that. Not “a lot”. Not “more than you’ll ever need”. Not 10k. Not 10M. Not 10G. Unlimited.

Gosh, maybe I should use a Yubikey for mass storage on the cheap! I wonder why nobody has done this?

Second, you’ll want to dig into what the contents of the “key handle” that is passed from the server, through the user agent, to the key actually are. Hint: Despite the HN hive mind, I’m not wrong.


It's very similar to how TPMs work. Discoverable keys were originally called resident keys because regular keys were almost always encrypted in the key handle and sent to the RP.

If you don't trust a system to encrypt, why would you trust it to generate keys with correct randomness or to sign without leaking key data?

The encrypted private key isn't any more likely to be a weak link than the other things a token could do wrong.


Do you know where the "don't put hot food in the fridge" idea came from? My thought has always been that if my fridge warms up, the compressor will fire up and cool it down again.

The FDA seems to err very heavily on the "cool immediately" side of things: https://www.fda.gov/food/people-risk-foodborne-illness/tips-...


It's an idea you can easily test and entirely depends on the thermal mass of the item. A well ventilated room can move heat away from food much faster than a fridge can simply because the fridge is heavily insulated and is comparatively poor at circulating air.

A quick experiment you can do is take a big pot of boiling water and put it in your fridge. Wait 5 minutes. The internal temp of the fridge will now be hotter than room temp. At this point it's as if every item in your fridge is now sitting out in the sun. Every item is in the danger zone until the fridge cools that entire pot, which can take a few hours.


As an added layer I suspect that most people watch the entire movie but most people don't finish games.

There's a percentage of players of course that will play a game for many hundreds or thousands of hours, but the calculation is shakier when you take the falloff of players into account.

https://www.ign.com/articles/2014/03/17/gdc-most-players-don...


I recently heard about an incident where hanging up turned out to be more difficult than it should have been. Stay calm. Call from another phone perhaps?

https://bc.ctvnews.ca/beware-of-the-delayed-disconnect-phone...


Definitely call from another phone if using a landline.

https://security.stackexchange.com/questions/100268/does-han...


If you don't have another phone would it be safe to first call some other known number and see if that goes through?

If it does, then you should be able to infer that the previous inbound call has (probably [1]) hung up, and it is now safe to call your bank.

[1] A sophisticated enough scammer could hold the line, give a fake dial tone, detect that the number you are dialing is not the bank number they expected you to dial, dial that number themselves on a different line, and relay between that line and yours to convince you that you really did have a clear line, and then keep holding the line when you then hang up and try to call the bank.


I think there's a small typo right at the bottom of the page where it says 'hazzle' but should say 'hassle'.

Cool app!


Nice catch, fixed now! Thanks!


Thanks! Will fix!


For those that like trivia, the original quote I believe is by Kernighan and it's about debugging code rather than writing it, which I feel makes more sense:

"Everyone knows that debugging is twice as hard as writing a program in the first place. So if you're as clever as you can be when you write it, how will you ever debug it?"

https://en.wikiquote.org/wiki/Brian_Kernighan


I was under the impression that the Chinese stock market has a circuit breaker that applies in both directions. Not an expert but random googling does seem to match with this:

"when it goes up or down by 7%, it usually means that sharp volatility has taken place in the market, which is likely to face the extreme systemic risks. Therefore, the market needs more time to calm down so as to prevent the spreading panic from intensifying the market fluctuations."

http://english.sse.com.cn/aboutsse/news/c/c_20151207_4019977...

"Meanwhile, a 7 percent rise or fall in the CSI300 Index will prompt a trading halt in the Shanghai and Shenzhen stock exchanges for the rest of the day"

http://www.cnbc.com/2015/09/07/chinas-latest-step-to-curb-sh...


It applies in both directions; however, it has only existed while the market was going down fast.

Also, I very much doubt China is going to start disappearing traders who make their stock market go up 5% like they're doing now:

http://www.ibtimes.co.uk/china-arrests-197-authorities-pin-b...


John Oliver did a bit in his wealth gap segment where he mentioned that, in the US, estate taxes are exempt even to children on amounts up to 5 million, and up to 10 million if it's a couple leaving the amount to their children.

General searching around turns up these numbers here and there as well. Assuming that is in fact true, _most_ people shouldn't be giving up anything in estate taxes.


I think the reason why the experiment, if true, is so fascinating is because it's about normal people put into an abnormal situation rather than inherently bad people being given power.

What I take away from the experiment is that given the right situation and pressures, most people would do things they thought they would never otherwise do. More importantly, I think it's probably a mistake to think that you're the exception and are morally incorruptible.


This is exactly the conclusion they want you to reach. Who are you to judge? Who are you to condemn anyone since you are evil too? This is the charter of liberty for evil and all evil needs to survive, even prosper. This "experiment" is the biblical tenet of Original Sin masquerading as science and I reject it. If your moral principles cannot be practiced consistently by all men then something is wrong with your principles, not human nature.


I'm not sure if it has changed since I last made an iOS app a while back, but there was a fairly large amount of security certificate provisioning, and the interface for it, at that time at least, was unintuitive.


It has changed. The certificate is created and provisioned to the device automatically by Xcode.


There is the exact same amount of work involved with Android. iOS is actually significantly easier.

