Natanael

It literally just takes a slightly different domain name. Lots of infosec pros have been phished when not paying attention

Passkeys use unique keys per site for that reason

TOTP codes can be phished, hardware security keys and passkey can't

Google Chrome on PC can let you verify from the phone to unlock passkeys

TOTP can be phished remotely, passkeys / hardware security keys can't (need to get malware into the users' computer instead)

The synchronization part is the annoying part. And when you have multiple accounts on one site you can end up with multiple passkeys for it.

They're using the same standard as FIDO2 / WebAuthn hardware security keys. The protocol is phishing resistant, unlike TOTP and similar one time code solutions.

I prefer the physical ones, because they're easy to organize. Passkey synchronization can be annoying.

The scaling attack specifically can make a photo sent to you look innocent to you and malicious to the reviewer, see the link above

If finances also are separate it can be very quick

Of course a group of people could use violence to oppress other people. But then you no longer have anarchy.

The irony is that the amount of coordination needed to protect anarchism would no longer be called anarchism

You will always end up recreating some form of organizations to manage resources. The best you can do is ensure those organizations are structured with accountability to make sure they're fair to everybody

There's basically ideologues versus hateful people versus indifferent sociopaths (overlap is common)

I consider political ideologues and "technocrats" and extremely pedantic rule-following bureaucrats to be different flavors of ideologues (has a specific worldview they try to enforce / uphold)

I had Guinea pigs too. I'd slap down their little front paws on the keyboard to type